Date: Thu, 30 Oct 2025 01:22:34 GMT
Message-Id: <202510300122.59U1MYiq043998@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Rick Macklem
Subject: git: 1d37ea5e58e8 - stable/14 - nfs_clrpcops.c: Add sanity checks for the slot cnts
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1d37ea5e58e88442b7e9061c8cdfc90b864f840a

The branch stable/14 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=1d37ea5e58e88442b7e9061c8cdfc90b864f840a

commit 1d37ea5e58e88442b7e9061c8cdfc90b864f840a
Author:     Rick Macklem
AuthorDate: 2025-10-27 14:35:27 +0000
Commit:     Rick Macklem
CommitDate: 2025-10-30 01:19:55 +0000

    nfs_clrpcops.c: Add sanity checks for the slot cnts

    The reply to CreateSession includes the slot cnt for both fore and
    back slots. It should never be larger than the argument specified
    and the fore slot cnt should always be at least 1.

    Without this patch, the replied slot cnts were not being sanity
    checked.

    While here, replace 64 with NFSV4_SLOTS (which is 64).

    (cherry picked from commit 3053b2a3dcab6e05311c3b696bee4c9e5698d93a)

--- sys/fs/nfsclient/nfs_clrpcops.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c index 3c580b90e6b9..527c6b6928ac 100644 --- a/sys/fs/nfsclient/nfs_clrpcops.c +++ b/sys/fs/nfsclient/nfs_clrpcops.c
@@ -5470,7 +5470,7 @@ nfsrpc_createsession(struct nfsmount *nmp, struct nfsclsession *sep, } *tl++ = txdr_unsigned(4096); /* Max response size cached */ *tl++ = txdr_unsigned(20); /* Max operations */ - *tl++ = txdr_unsigned(64); /* Max slots */ + *tl++ = txdr_unsigned(NFSV4_SLOTS); /* Max slots */ *tl = 0; /* No rdma ird */ /* Fill in back channel attributes. */ @@ -5539,6 +5539,11 @@ nfsrpc_createsession(struct nfsmount *nmp, struct nfsclsession *sep, sep->nfsess_maxcache = fxdr_unsigned(int, *tl++); tl++; sep->nfsess_foreslots = fxdr_unsigned(uint16_t, *tl++); + if (sep->nfsess_foreslots == 0) { + error = NFSERR_BADXDR; + goto nfsmout; + } else if (sep->nfsess_foreslots > NFSV4_SLOTS) + sep->nfsess_foreslots = NFSV4_SLOTS; NFSCL_DEBUG(4, "fore slots=%d\n", (int)sep->nfsess_foreslots); irdcnt = fxdr_unsigned(int, *tl); if (irdcnt < 0 || irdcnt > 1) { @@ -5552,6 +5557,8 @@ nfsrpc_createsession(struct nfsmount *nmp, struct nfsclsession *sep, NFSM_DISSECT(tl, uint32_t *, 7 * NFSX_UNSIGNED); tl += 5; sep->nfsess_backslots = fxdr_unsigned(uint16_t, *tl); + if (sep->nfsess_backslots > NFSV4_CBSLOTS) + sep->nfsess_backslots = NFSV4_CBSLOTS; NFSCL_DEBUG(4, "back slots=%d\n", (int)sep->nfsess_backslots); } error = nd->nd_repstat;
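
Review bot: In the first hunk (@@ -5470), the lines next to the new NFSV4_SLOTS still send bare literals, `txdr_unsigned(4096)` for the max cached response size and `txdr_unsigned(20)` for max operations. Naming those two as well would keep the request consistent and would give the reply-parsing side something to compare against; as the second hunk's context shows, the replied `nfsess_maxcache` is stored as received and the word after it is skipped with `tl++`.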
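
Review bot: In the fore-slot hunk (@@ -5539), both checks run on the value after `fxdr_unsigned(uint16_t, *tl++)` has narrowed the 32-bit XDR word to 16 bits, so, assuming the macro narrows with a plain cast, a reply of 65536 is rejected as if it were zero and 65537 is accepted as 1 slot. Decoding into a uint32_t local, testing that against 0 and NFSV4_SLOTS, and only then assigning to sep->nfsess_foreslots would check what the server actually sent. The two bad cases are also handled differently: zero fails the call with NFSERR_BADXDR, while an over-limit count, which the commit message says should never occur, is clamped silently and the NFSCL_DEBUG line then prints only the clamped value. Logging the received count before the clamp would keep a misbehaving server visible.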
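
Review bot: In the back-slot hunk (@@ -5552), the clamp to NFSV4_CBSLOTS only enforces "never larger than the argument specified" if the back channel attributes in the request also send NFSV4_CBSLOTS, and that request line is not part of this diff (the first hunk converts only the fore channel literal). Worth confirming the request side uses the same constant. A short comment stating that a back slot count of 0 is accepted on purpose would also help, since the fore-slot check a few lines earlier rejects 0 and the omission here otherwise reads as an oversight. As with the fore slots, the comparison sees the count only after the uint16_t narrowing.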