git: db7257ef972e - main - nfsd: Fix a server crash

From: Rick Macklem <rmacklem_at_FreeBSD.org>
Date: Wed, 18 Oct 2023 02:44:09 UTC
The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=db7257ef972ed75e33929d39fd791d3699b53c63

commit db7257ef972ed75e33929d39fd791d3699b53c63
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-10-18 02:40:23 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-10-18 02:43:25 +0000

    nfsd: Fix a server crash
    
    PR#274346 reports a crash which appears to be caused by a NULL default session
    being destroyed.  This patch should avoid the crash.
    
    Tested by:      Joshua Kinard <freebsd@kumba.dev>
    PR:     274346
    MFC after:      2 weeks
---
 sys/fs/nfs/nfs_commonkrpc.c | 9 +++++++++
 sys/fs/nfs/nfs_commonsubs.c | 6 ++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/sys/fs/nfs/nfs_commonkrpc.c b/sys/fs/nfs/nfs_commonkrpc.c
index 936373c79366..29c7cdbd671c 100644
--- a/sys/fs/nfs/nfs_commonkrpc.c
+++ b/sys/fs/nfs/nfs_commonkrpc.c
@@ -1208,6 +1208,14 @@ tryagain:
 				NFSCL_DEBUG(1, "Got badsession\n");
 				NFSLOCKCLSTATE();
 				NFSLOCKMNT(nmp);
+				if (TAILQ_EMPTY(&nmp->nm_sess)) {
+					NFSUNLOCKMNT(nmp);
+					NFSUNLOCKCLSTATE();
+					printf("If server has not rebooted, "
+					    "check NFS clients for unique "
+					    "/etc/hostid's\n");
+					goto out;
+				}
 				sep = NFSMNT_MDSSESSION(nmp);
 				if (bcmp(sep->nfsess_sessionid, nd->nd_sequence,
 				    NFSX_V4SESSIONID) == 0) {
@@ -1388,6 +1396,7 @@ tryagain:
 				nd->nd_repstat = NFSERR_STALEDONTRECOVER;
 		}
 	}
+out:
 
 #ifdef KDTRACE_HOOKS
 	if (nmp != NULL && dtrace_nfscl_nfs234_done_probe != NULL) {
diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c
index ffe1ec542492..f2305795e53e 100644
--- a/sys/fs/nfs/nfs_commonsubs.c
+++ b/sys/fs/nfs/nfs_commonsubs.c
@@ -5141,11 +5141,13 @@ nfsrpc_destroysession(struct nfsmount *nmp, struct nfsclsession *tsep,
 	struct nfsrv_descript *nd = &nfsd;
 	int error;
 
+	if (tsep == NULL)
+		tsep = nfsmnt_mdssession(nmp);
+	if (tsep == NULL)
+		return (0);
 	nfscl_reqstart(nd, NFSPROC_DESTROYSESSION, nmp, NULL, 0, NULL, NULL, 0,
 	    0, NULL);
 	NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID);
-	if (tsep == NULL)
-		tsep = nfsmnt_mdssession(nmp);
 	bcopy(tsep->nfsess_sessionid, tl, NFSX_V4SESSIONID);
 	nd->nd_flag |= ND_USEGSSNAME;
 	error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,