From nobody Fri Nov 26 23:46:05 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id D364F18B2C14; Fri, 26 Nov 2021 23:46:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4J1BG52S2dz3mff; Fri, 26 Nov 2021 23:46:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 313CC11E8E; Fri, 26 Nov 2021 23:46:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1AQNk5gl050894; Fri, 26 Nov 2021 23:46:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1AQNk55P050893; Fri, 26 Nov 2021 23:46:05 GMT (envelope-from git) Date: Fri, 26 Nov 2021 23:46:05 GMT Message-Id: <202111262346.1AQNk55P050893@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Rick Macklem Subject: git: bdd57cbb1bda - main - nfsd: Add checks for layout errors in LayoutReturn List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bdd57cbb1bdafcf2ebffa73c52f0fffc9410ea7b Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1637970365; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=y9wkHgxOOUy4F8tDRpUxHUZULorROmYOluLXt24DqGM=; b=aAVuTs91CJIHgTOkDieXynK2oiCAflCX0AYjNLaRZCycDoRQsQ0/CyABqVvykX9oLCvFUN YaZXGEKxmKiXkriLZknqlTvYo1z+NHH22XIc3tlghwzq2lhkDrfJqjLaLtT7vN396fO/Ec e5eVDotrHmfjbQgwRts2OurGgMGKSe4KiRhClmsOpq/yKWq0+K+Fq5RqjdCiu2V64u7ZVp S242bpN1EKMoOdT1wjwQoHQ2YyvKVV3UhoTKyV5tblLqk6zuFXxr4kEF4KF0KSfFRj4gLd Uiq6aY8lPfKg6u8tbBn8HG/VErLKnu3j6v1IZddaVcRoLRSXFPccc3IxDlIuqg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1637970365; a=rsa-sha256; cv=none; b=b+mR3DdXzSklrCAOLrmE9rlDyRpngge8pJuEmN6J9TWyVrqwB9zmcrQ2z8B4FIspM+41g3 M+O7mm9wmNwFtszdJfXkGZX6r0FPdl2Or8eEp98RM58uVeFcVIO+PO+7u+44MkS/VukywI 5IMxBe5yT2Kgz1Iip5OqAhBHMeMZdyA8K7Rwa3knaG17L1P6Mr/FEP8/kOpE7FU+CaJYsS /GX+UDw4Yi0IGhHj4CwFl1M8Ltua97g8lZkyWsna4iGp2DCDA9JxEAdVG9ad0PhO4PsXDk hGjuWwmja3+TZ2DlTSNYK0Pfe8Sr+lyTPthTFXA9kjtSM96YO27pbsrPtdUwKw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=bdd57cbb1bdafcf2ebffa73c52f0fffc9410ea7b commit bdd57cbb1bdafcf2ebffa73c52f0fffc9410ea7b Author: Rick Macklem AuthorDate: 2021-11-26 23:42:32 +0000 Commit: Rick Macklem CommitDate: 2021-11-26 23:42:32 +0000 nfsd: Add checks for layout errors in LayoutReturn For a LayoutReturn when using the Flexible File Layout, error reports may be provided in the request. Sanity check the size of these error reports and check that they exist before calling nfsrv_flexlayouterr(). Reported by: rtm@lcs.mit.edu Tested by: rtm@lcs.mit.edu PR: 260012 MFC after: 2 weeks --- sys/fs/nfsserver/nfs_nfsdserv.c | 6 ++++++ sys/fs/nfsserver/nfs_nfsdstate.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c index a590c599518f..80c492251ce8 100644 --- a/sys/fs/nfsserver/nfs_nfsdserv.c +++ b/sys/fs/nfsserver/nfs_nfsdserv.c @@ -4959,6 +4959,12 @@ nfsrvd_layoutreturn(struct nfsrv_descript *nd, __unused int isdgram, } maxcnt = fxdr_unsigned(int, *tl); + /* + * There is no fixed upper bound defined in the RFCs, + * but 128Kbytes should be more than sufficient. + */ + if (maxcnt < 0 || maxcnt > 131072) + maxcnt = 0; if (maxcnt > 0) { layp = malloc(maxcnt + 1, M_TEMP, M_WAITOK); error = nfsrv_mtostr(nd, (char *)layp, maxcnt); diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index 360bc00b8df3..4cfac532f063 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c @@ -7301,7 +7301,7 @@ nfsrv_layoutreturn(struct nfsrv_descript *nd, vnode_t vp, } NFSDRECALLUNLOCK(); } - if (layouttype == NFSLAYOUT_FLEXFILE) + if (layouttype == NFSLAYOUT_FLEXFILE && layp != NULL) nfsrv_flexlayouterr(nd, layp, maxcnt, p); } else if (kind == NFSV4LAYOUTRET_FSID) nfsrv_freelayouts(&nd->nd_clientid,