To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Rick Macklem
Subject: git: aa1cf240887d - main - nfs_nfsdstate.c: Add sanity checks for lock stateids
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Date: Wed, 26 Nov 2025 19:21:59 +0000
Message-Id: <69275357.29b8d.785be0b1@gitrepo.freebsd.org>

The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=aa1cf240887ddcca66dfb969fdc5a8d545396037

commit aa1cf240887ddcca66dfb969fdc5a8d545396037
Author:     Rick Macklem
AuthorDate: 2025-11-26 19:20:27 +0000
Commit:     Rick Macklem
CommitDate: 2025-11-26 19:20:27 +0000

    nfs_nfsdstate.c: Add sanity checks for lock stateids

    Bugzilla PR reported a crash caused by a synthetic client doing a
    Lock operation request with a delegation stateid.

    This patch fixes the problem by adding sanity checks for the type
    of stateid provided as an argument to the Lock and LockU operations.

    It has been tested with the FreeBSD, Linux and Solaris 11.4 clients.
    Hopefully, other NFSv4 clients will work ok as well.

    PR:             291080
    Tested by:      Robert Morris
    MFC after:      2 weeks

--- sys/fs/nfsserver/nfs_nfsdstate.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index 111b0f26d0b5..3fae2be5af46 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c 
@@ -1977,6 +1977,20 @@ tryagain: error = NFSERR_BADSTATEID; } + /* + * Sanity check the stateid for the Lock/LockU cases. + */ + if (error == 0 && (new_stp->ls_flags & NFSLCK_LOCK) != 0 && + (((new_stp->ls_flags & NFSLCK_OPENTOLOCK) != 0 && + (stp->ls_flags & NFSLCK_OPEN) == 0) || + ((new_stp->ls_flags & NFSLCK_OPENTOLOCK) == 0 && + (stp->ls_flags & NFSLCK_LOCK) == 0))) + error = NFSERR_BADSTATEID; + if (error == 0 && (new_stp->ls_flags & NFSLCK_UNLOCK) != 0 && + (stp->ls_flags & NFSLCK_LOCK) == 0) + error = NFSERR_BADSTATEID; + + /* Sanity check the delegation stateid. */ if (error == 0 && (stp->ls_flags & (NFSLCK_DELEGREAD | NFSLCK_DELEGWRITE)) && getlckret == 0 && stp->ls_lfp != lfp)
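Review bot: The comment on the two new checks ("Sanity check the stateid for the Lock/LockU cases") does not state the rule being enforced, and the first condition is dense enough that a reader has to decode it from the flag tests. Suggest spelling it out in the comment: a Lock with NFSLCK_OPENTOLOCK set in new_stp must present a stateid with NFSLCK_OPEN set, a Lock without NFSLCK_OPENTOLOCK must present one with NFSLCK_LOCK set, and an unlock (NFSLCK_UNLOCK) must present one with NFSLCK_LOCK set; anything else, such as the delegation stateid from the PR, gets NFSERR_BADSTATEID. Both checks read stp->ls_flags guarded only by error == 0, the same as the delegation check that follows, so they rely on the same invariant that stp is valid whenever error is 0 at this point; a word on that in the comment would help. Minor style point: the hunk adds two consecutive blank lines before the "Sanity check the delegation stateid" comment, where one is enough.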