
Commit bf5c43c8 authored by J. Bruce Fields's avatar J. Bruce Fields

nfsd4: check for uninitialized slot



This fixes an oops when a buggy client tries to use an initial seqid of
0 on a new slot, which we may misinterpret as a replay.

Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 73e79482
+7 −1
@@ -1347,6 +1347,7 @@ nfsd4_store_cache_entry(struct nfsd4_compoundres *resp)
	slot->sl_opcnt = resp->opcnt;
	slot->sl_status = resp->cstate.status;

	slot->sl_flags |= NFSD4_SLOT_INITIALIZED;
	if (nfsd4_not_cached(resp)) {
		slot->sl_datalen = 0;
		return;
@@ -1916,6 +1917,9 @@ nfsd4_sequence(struct svc_rqst *rqstp,
	status = check_slot_seqid(seq->seqid, slot->sl_seqid,
					slot->sl_flags & NFSD4_SLOT_INUSE);
	if (status == nfserr_replay_cache) {
		status = nfserr_seq_misordered;
		if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED))
			goto out;
		cstate->slot = slot;
		cstate->session = session;
		/* Return the cached reply status and set cstate->status
@@ -1932,9 +1936,11 @@ nfsd4_sequence(struct svc_rqst *rqstp,

	/* Success! bump slot seqid */
	slot->sl_seqid = seq->seqid;
	slot->sl_flags = NFSD4_SLOT_INUSE;
	slot->sl_flags |= NFSD4_SLOT_INUSE;
	if (seq->cachethis)
		slot->sl_flags |= NFSD4_SLOT_CACHETHIS;
	else
		slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS;

	cstate->slot = slot;
	cstate->session = session;
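Review bot: The early exit added to nfsd4_sequence's replay branch reads unclearly because `status = nfserr_seq_misordered;` is assigned unconditionally and then, on the initialized path, presumably overwritten by the cached-reply code that continues past the end of the hunk; folding it into the guard, `if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED)) { status = nfserr_seq_misordered; goto out; }`, keeps the error tied to the one path that actually returns it. A why-comment there would also help, since the check only makes sense together with the first hunk: `/* seqid matched a slot that has never cached a reply (e.g. seqid 0 on a fresh slot): reject instead of replaying stale data */`. Note that NFSD4_SLOT_INITIALIZED is set in nfsd4_store_cache_entry before the nfsd4_not_cached() early return, so a slot counts as initialized even when sl_datalen is 0 — worth stating in that comment if it is intended. The enclosing function and the `out` label lie outside the hunk, so whether the early exit skips any per-session bookkeeping done there cannot be confirmed from this view.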
+1 −0
@@ -134,6 +134,7 @@ struct nfsd4_slot {
	u16	sl_opcnt;
#define NFSD4_SLOT_INUSE	(1 << 0)
#define NFSD4_SLOT_CACHETHIS	(1 << 1)
#define NFSD4_SLOT_INITIALIZED	(1 << 2)
	u8	sl_flags;
	char	sl_data[];
};
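Review bot: NFSD4_SLOT_INITIALIZED is added without a comment saying what "initialized" means, and since the only setter visible in this commit is nfsd4_store_cache_entry(), a reader of the header has to go to the .c file to learn that the flag marks a slot that has had a reply stored into it. A one-line comment on the define, `/* a reply has been cached in this slot (set by nfsd4_store_cache_entry) */`, would document the contract that nfsd4_sequence relies on when it refuses to treat an uninitialized slot as a replay. The struct's other two flags carry no comment either; if they are documented at the same time, keep the three in one consistent style.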