git: 4d80d4913e79 - main - nfs: Fix argument typo to avoid a crash
Date: Mon, 25 May 2026 19:24:11 UTC
The branch main has been updated by rmacklem:
URL: https://cgit.FreeBSD.org/src/commit/?id=4d80d4913e79c8b5918b1f04c1c7b38e6c76b9b4
commit 4d80d4913e79c8b5918b1f04c1c7b38e6c76b9b4
Author: Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2026-05-25 19:22:32 +0000
Commit: Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2026-05-25 19:22:32 +0000
nfs: Fix argument typo to avoid a crash
A typo resulted in the wrong argument for a bytewise
comparison that could result in a crash if
the incorrect argument was not a valid pointer.
This patch fixes the argument.
While investigating this, I noticed that the
correct argument was not being filled in as
required, so this patch fixes that, as well.
Somehow, recovery from a NFSv4.1/4.2 server
crash worked during testing, so this was not
detected. The bug/patch only affects NFS
client mounts using NFSv4.1/4.2.
PR: 294925
Reported by: Jov <amutu@amutu.com>
MFC after: 3 days
---
sys/fs/nfs/nfs_commonkrpc.c | 5 +++--
sys/fs/nfs/nfs_commonsubs.c | 3 +++
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/sys/fs/nfs/nfs_commonkrpc.c b/sys/fs/nfs/nfs_commonkrpc.c
index 9ea4e5f4c9df..2d4c41994c0e 100644
--- a/sys/fs/nfs/nfs_commonkrpc.c
+++ b/sys/fs/nfs/nfs_commonkrpc.c
@@ -1265,8 +1265,9 @@ tryagain:
goto out;
}
sep = NFSMNT_MDSSESSION(nmp);
- if (bcmp(sep->nfsess_sessionid, nd->nd_sequence,
- NFSX_V4SESSIONID) == 0) {
+ if (bcmp(sep->nfsess_sessionid,
+ nd->nd_sessionid, NFSX_V4SESSIONID) == 0 &&
+ sep->nfsess_defunct == 0) {
printf("Initiate recovery. If server "
"has not rebooted, "
"check NFS clients for unique "
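Review bot: The added `sep->nfsess_defunct == 0` term in this condition has no comment and is not mentioned in the commit description, so a reader cannot tell why a session already marked defunct must skip the branch. A comment above the `if` would cover it, for example `/* Only start recovery for the current session, and only if it has not already been marked defunct. */`; that wording is inferred from the printf text and should be confirmed. Whether a lock is held around the reads of `sep->nfsess_sessionid` and `sep->nfsess_defunct` cannot be checked from here, because the enclosing block starts before the hunk and the printf continues past it.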
diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c
index b5f83a98b307..a11b55b11c43 100644
--- a/sys/fs/nfs/nfs_commonsubs.c
+++ b/sys/fs/nfs/nfs_commonsubs.c
@@ -368,6 +368,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp,
* First, fill in some of the fields of nd.
*/
nd->nd_slotseq = NULL;
+ NFSBZERO(nd->nd_sessionid, NFSX_V4SESSIONID);
if (vers == NFS_VER4) {
nd->nd_flag = ND_NFSV4 | ND_NFSCL;
if (minorvers == NFSV41_MINORVERSION)
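Review bot: Zero-filling `nd->nd_sessionid` here makes all-zero the value that the `bcmp()` in nfs_commonkrpc.c sees for any request that never sets a session id, and nothing records that all-zero is meant as "no session". If a mount's `nfsess_sessionid` can itself still be all zero when that comparison runs (not visible in this diff), the two would compare equal and recovery would be started for a request that carried no session id. A comment on the new line such as `/* All-zero: no session id has been sent with this request yet. */` would document the sentinel, and the assumption that a live session id is never all zero is worth stating at the comparison site. nfscl_reqstart continues outside the hunk.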
@@ -5348,6 +5349,7 @@ nfsv4_setsequence(struct nfsmount *nmp, struct nfsrv_descript *nd,
NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID + 4 * NFSX_UNSIGNED);
nd->nd_sequence = tl;
bcopy(sessionid, tl, NFSX_V4SESSIONID);
+ bcopy(sessionid, nd->nd_sessionid, NFSX_V4SESSIONID);
tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
nd->nd_slotseq = tl;
if (error == 0) {
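Review bot: The new `bcopy(sessionid, nd->nd_sessionid, NFSX_V4SESSIONID)` keeps a second copy of the id beside the one reachable through `nd->nd_sequence`, and neither this hunk nor the matching one in nfsrpc_destroysession says why both are needed. A one-line comment would help the next reader keep the two copies in step, for example `/* Saved in nd so the BADSESSION check does not have to read through nd_sequence. */`; the reason is inferred from the commit description and should be confirmed. The copy is made before the `if (error == 0)` test, and whether `sessionid` is filled in on the error path is outside the hunk; it mirrors the existing copy into `tl`, so this is presumably intended.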
@@ -5593,6 +5595,7 @@ nfsrpc_destroysession(struct nfsmount *nmp, struct nfsclsession *tsep,
0, NULL);
NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID);
bcopy(tsep->nfsess_sessionid, tl, NFSX_V4SESSIONID);
+ bcopy(tsep->nfsess_sessionid, nd->nd_sessionid, NFSX_V4SESSIONID);
nd->nd_flag |= ND_USEGSSNAME;
error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);