From nobody Fri Dec 10 00:59:36 2021 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B38E918D4863; Fri, 10 Dec 2021 00:59:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4J9CGw37JFz4dvQ; Fri, 10 Dec 2021 00:59:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4BA72112DD; Fri, 10 Dec 2021 00:59:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1BA0xaIO027210; Fri, 10 Dec 2021 00:59:36 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1BA0xabD027209; Fri, 10 Dec 2021 00:59:36 GMT (envelope-from git) Date: Fri, 10 Dec 2021 00:59:36 GMT Message-Id: <202112100059.1BA0xabD027209@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: 8e74cc2b4ec0 - stable/13 - nfsd: Add checks for layout errors in LayoutReturn List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 8e74cc2b4ec090e592cc808e55a6936207b4d302 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1639097976; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MNtylWoeP0PeqzPODGiW2R8ss+aI+g9dCDPJRvcNLpQ=; b=elogRR0+/43/FdTPqDDdx5FXwKI2K8D5tYR+3VxQzCBPZRg2lCsAnoa6ZYLXaV4O0qyUfM zaPhLQ4b7wdaBOCku0yPtls/1eF+JiowkqUhil7dcydwXcNB2AbD6OZbhQbQFbEzDbR9D/ dPq51iDXxHRywDFvvgFYPi7ou/tgh6FUkdQCBxfPP+V4D1gYyMZewc3Bx1PLkOmuwgXTai UUuUIuv9rWksZXlIyeYzVLVldtJfMUsZ6n5ZPG6x/62SZv4diAneT20zOu8OAQGhRaZ/HE Sp1IfGDPVhoQH7L86d1pqgA/nLEiOvMyWHCfABfuW0xU48TPa+rUnHQKS1QQNw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1639097976; a=rsa-sha256; cv=none; b=oJCAd+oMm4vWg3C3Woa+eRqBQ/E9MfEX231uJwCZUZhjba85yWZ8rD7umxJ7aLSlccj8hW LGtLHiLAYDNLyuueJwROntfPrfpfmLhbrHE2214VdcZ9K+sRRViqpico5u9OpIa9MvuJ/K xnB4IDnu7K38BAb/FqUVqJkhcyU4mczJH0TYeFQpuWFcbGAuh+RFNuaajYcmEcEZMIckYY y/zh61V1L4SSMe7BwLoTLPAMedggB+0cyk/LIJMngJi1c9yQUTmUPg+anOdCA6o7/71C+y mUhY8X7PBjrYTqKu3gRnAsERfGggMewnLrnZK2+DHh8OK+tAkwO+p76PYYjcLg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=8e74cc2b4ec090e592cc808e55a6936207b4d302 commit 8e74cc2b4ec090e592cc808e55a6936207b4d302 Author: Rick Macklem AuthorDate: 2021-11-26 23:42:32 +0000 Commit: Rick Macklem CommitDate: 2021-12-10 00:55:47 +0000 nfsd: Add checks for layout errors in LayoutReturn For a LayoutReturn when using the Flexible File Layout, error reports may be provided in the request. Sanity check the size of these error reports and check that they exist before calling nfsrv_flexlayouterr(). PR: 260012 (cherry picked from commit bdd57cbb1bdafcf2ebffa73c52f0fffc9410ea7b) --- sys/fs/nfsserver/nfs_nfsdserv.c | 6 ++++++ sys/fs/nfsserver/nfs_nfsdstate.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c index f5ff9f8fab83..4ca49f75fc2c 100644 --- a/sys/fs/nfsserver/nfs_nfsdserv.c +++ b/sys/fs/nfsserver/nfs_nfsdserv.c @@ -4959,6 +4959,12 @@ nfsrvd_layoutreturn(struct nfsrv_descript *nd, __unused int isdgram, } maxcnt = fxdr_unsigned(int, *tl); + /* + * There is no fixed upper bound defined in the RFCs, + * but 128Kbytes should be more than sufficient. + */ + if (maxcnt < 0 || maxcnt > 131072) + maxcnt = 0; if (maxcnt > 0) { layp = malloc(maxcnt + 1, M_TEMP, M_WAITOK); error = nfsrv_mtostr(nd, (char *)layp, maxcnt); diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index e9acacb27cbd..67f615ecea7c 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c @@ -7301,7 +7301,7 @@ nfsrv_layoutreturn(struct nfsrv_descript *nd, vnode_t vp, } NFSDRECALLUNLOCK(); } - if (layouttype == NFSLAYOUT_FLEXFILE) + if (layouttype == NFSLAYOUT_FLEXFILE && layp != NULL) nfsrv_flexlayouterr(nd, layp, maxcnt, p); } else if (kind == NFSV4LAYOUTRET_FSID) nfsrv_freelayouts(&nd->nd_clientid,