From nobody Mon May 25 19:24:11 2026
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gPQmW5RWmz6fndx
	for <dev-commits-src-main@mlmmj.nyi.freebsd.org>; Mon, 25 May 2026 19:24:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4gPQmW4vp3z3CVl
	for <dev-commits-src-main@FreeBSD.org>; Mon, 25 May 2026 19:24:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1779737051;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hYTw3KEaPEJmatBtVlWF9DFktpFhfhaCO/kUfSwR3g4=;
	b=Dv1BMO1o3NpWVEBEkYckFmkYJ5Gih4FjOiBDSAfw3br3vOYUNgzIg9IqK5hdAyszqs9S9t
	D0mQ2nClIOb+D6vZwSn77Oq0IRRKZL6HapIJI8PzpRULvl7Pv4on0uspkbeBZkRa4QZ1nC
	bvXBnZuWWOImTlcWxStlkoNMu+XNi8tc+on8+6rXdkVDH97VoKOPO9/ASvKFbeBTrDsSIS
	SDfpeIZwEX16F66je6q2YrNm/QPZfEbQvj1z/WBnyxZh4qUWpP6Qy+tobRH5JUZPX6U5+q
	7YRmGpkfXM7woLAxC8R3BghC1l0T8DeqnvLPqYQLUCBKc+DqwI6Yq3DNAx+dfA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1779737051; a=rsa-sha256; cv=none;
	b=VlKivzNeb2Fv6EBX38CR9k2wyWOvO3+ZSHWFihQ69A169SH0+AgznG/zF+PdRez1RpxguW
	HiK0KbRlAumgHUbCCWEJIGI9NFSH+5Yh6Cj3oP01NT7l3GimJuuywQV6yTnjVWzr0BAmbB
	N3LAnP1E4TooE5e9b3iD9CU6q/3zwc4+8IEZqbLL5gi3hgNu4OcEzsIhedXof2iZ3MUE9P
	mLisNIb0MKVBcJo5OuCykEZ3eecN+yHwtFXhFpS2eqCtE/gHgDR02NL8ZtHViRVpoq+pHM
	1I9onTc5eqO3Ul240CppLcGJzuUcrB7dOnMl6muFgWLpaR4pLk2/qJjPrOmehA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1779737051;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hYTw3KEaPEJmatBtVlWF9DFktpFhfhaCO/kUfSwR3g4=;
	b=i7R4pGtKJN6joHwTNASjMKVgaeqZgg+/q8XcOT07gpOTeVG2l4xkUbFsDYlsxBYR4GCDHv
	Hgn7BhJ3HfeSvxWuLVLDh766K3QckenJlpMV0SRsArMM7UejtxKFO5gVP19tAl8DaQO3g7
	23DNjF9cwnsO5HPN8KSYG8vYsVqKyp5MnKjpD+iVHZOQzSqdwMQ0EzmStSVqxqCnkzAB3J
	bQ6Zrzi7pvfkkfwJS2ld0SdkmlN2vDgq/Vxo9BzB51+sA1GxJpS4BoRyePScGNRPzZ+V1B
	q+vkXRkzdHI9tRuPmEOkvZ4mUFuA654YOhg9YXfMcueu4i2ZNK93Az7L5NsI6Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gPQmW3tGZzvK0
	for <dev-commits-src-main@FreeBSD.org>; Mon, 25 May 2026 19:24:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 4593c
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Mon, 25 May 2026 19:24:11 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 4d80d4913e79 - main - nfs: Fix argument typo to avoid a crash
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
List-Id: <dev-commits-src-main.FreeBSD.org>
List-Post: <mailto:dev-commits-src-main@FreeBSD.org>
List-Help: <mailto:dev-commits-src-main+help@FreeBSD.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 4d80d4913e79c8b5918b1f04c1c7b38e6c76b9b4
Auto-Submitted: auto-generated
Date: Mon, 25 May 2026 19:24:11 +0000
Message-Id: <6a14a1db.4593c.687b0e74@gitrepo.freebsd.org>

The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=4d80d4913e79c8b5918b1f04c1c7b38e6c76b9b4

commit 4d80d4913e79c8b5918b1f04c1c7b38e6c76b9b4
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2026-05-25 19:22:32 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2026-05-25 19:22:32 +0000

    nfs: Fix argument typo to avoid a crash
    
    A typo resulted in the wrong argument for a bytewise
    comparison that could result in a crash if
    the incorrect argument was not a valid pointer.
    
    This patch fixes the argument.
    
    While investigating this, I noticed that the
    correct argument was not being filled in as
    required, so this patch fixes that, as well.
    
    Somehow, recovery from a NFSv4.1/4.2 server
    crash worked during testing, so this was not
    detected.  The bug/patch only affects NFS
    client mounts using NFSv4.1/4.2.
    
    PR:     294925
    Reported by:    Jov <amutu@amutu.com>
    MFC after:      3 days
---
 sys/fs/nfs/nfs_commonkrpc.c | 5 +++--
 sys/fs/nfs/nfs_commonsubs.c | 3 +++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/sys/fs/nfs/nfs_commonkrpc.c b/sys/fs/nfs/nfs_commonkrpc.c
index 9ea4e5f4c9df..2d4c41994c0e 100644
--- a/sys/fs/nfs/nfs_commonkrpc.c
+++ b/sys/fs/nfs/nfs_commonkrpc.c
@@ -1265,8 +1265,9 @@ tryagain:
 					goto out;
 				}
 				sep = NFSMNT_MDSSESSION(nmp);
-				if (bcmp(sep->nfsess_sessionid, nd->nd_sequence,
-				    NFSX_V4SESSIONID) == 0) {
+				if (bcmp(sep->nfsess_sessionid,
+				    nd->nd_sessionid, NFSX_V4SESSIONID) == 0 &&
+				    sep->nfsess_defunct == 0) {
 					printf("Initiate recovery. If server "
 					    "has not rebooted, "
 					    "check NFS clients for unique "
diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c
index b5f83a98b307..a11b55b11c43 100644
--- a/sys/fs/nfs/nfs_commonsubs.c
+++ b/sys/fs/nfs/nfs_commonsubs.c
@@ -368,6 +368,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp,
 	 * First, fill in some of the fields of nd.
 	 */
 	nd->nd_slotseq = NULL;
+	NFSBZERO(nd->nd_sessionid, NFSX_V4SESSIONID);
 	if (vers == NFS_VER4) {
 		nd->nd_flag = ND_NFSV4 | ND_NFSCL;
 		if (minorvers == NFSV41_MINORVERSION)
@@ -5348,6 +5349,7 @@ nfsv4_setsequence(struct nfsmount *nmp, struct nfsrv_descript *nd,
 	NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID + 4 * NFSX_UNSIGNED);
 	nd->nd_sequence = tl;
 	bcopy(sessionid, tl, NFSX_V4SESSIONID);
+	bcopy(sessionid, nd->nd_sessionid, NFSX_V4SESSIONID);
 	tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
 	nd->nd_slotseq = tl;
 	if (error == 0) {
@@ -5593,6 +5595,7 @@ nfsrpc_destroysession(struct nfsmount *nmp, struct nfsclsession *tsep,
 	    0, NULL);
 	NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID);
 	bcopy(tsep->nfsess_sessionid, tl, NFSX_V4SESSIONID);
+	bcopy(tsep->nfsess_sessionid, nd->nd_sessionid, NFSX_V4SESSIONID);
 	nd->nd_flag |= ND_USEGSSNAME;
 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
 	    NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);