From nobody Fri Dec 10 01:07:27 2021
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B84A918D5F38;
	Fri, 10 Dec 2021 01:07:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4J9CRz3cCxz4gMt;
	Fri, 10 Dec 2021 01:07:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5BFD4117B9;
	Fri, 10 Dec 2021 01:07:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1BA17RAa040903;
	Fri, 10 Dec 2021 01:07:27 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1BA17R2Y040902;
	Fri, 10 Dec 2021 01:07:27 GMT
	(envelope-from git)
Date: Fri, 10 Dec 2021 01:07:27 GMT
Message-Id: <202112100107.1BA17R2Y040902@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 0f2244008573 - stable/12 - nfsd: Add checks for layout errors in LayoutReturn
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: 0f2244008573e4a3d8dd4131972eefbf1bec681e
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1639098447;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=UtvCQNW5SpNhy63EXZ6ij2PXumgYgjgq4Kvl3lI/TbM=;
	b=enwiYokibql+e2YzuToYJQrrxeeDT3QYyKB4XTAeF3ArG5eqbecN2mPMT4Od5iIrb9lytq
	UBV6U51fwhMHNd3YY5x7bZp/cmZlG5cig627lHHV2kHqCkS9CQeRkZCve2fr1fF3akM7tQ
	aRPJ/wh6v4c+pSqfeHI7NxVhxAsERjQjQ4WM1uMa48be2rWo8n6yfNCs6kMh98FBgTWlSa
	eGCb34l3pKQaqpAx7jajkHvoZRUx3XDhU1VMuiW57KmREbkoO7zitg5EL7HgLC/q7NqnAE
	aiM20xYg4Svrk6SyKBmuvQWEh3uhkT/B6+0dVv68zcpu99auB/ySuBRDzNi93w==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1639098447; a=rsa-sha256; cv=none;
	b=k7CGOadiI09d2SHkV9cMbH44AfIHBnffoT0bVhO6t1LDm8r2jpygaS3NM4laW47Szsu7UN
	NRfzKqlVH9XjEornZJpUykHvvbEXEB0WFcCIXycfs3d+IY1kr0ZaTYV0Y/NQQ3eTO63Key
	sDmnZyz9hhEwoKOjxTm6GXFRm9qWAC7Rxcl4b/B+1h2v73TuzFuR5UzHBkadUwYJgPghIW
	IZXzULp9pEBhBOESxfyRTwCcvYcWF7Cl3PqDz8gNFxVsy1OCHeCX46dwFkb6FhXaV4DSKh
	xFYix/a94cYbLwAdJvV3PNjrow9d2vKOtB/jZoUa7e1CSg67ietOFRhb0v4huw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/12 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=0f2244008573e4a3d8dd4131972eefbf1bec681e

commit 0f2244008573e4a3d8dd4131972eefbf1bec681e
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2021-11-26 23:42:32 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2021-12-10 01:04:17 +0000

    nfsd: Add checks for layout errors in LayoutReturn
    
    For a LayoutReturn when using the Flexible File Layout,
    error reports may be provided in the request.
    Sanity check the size of these error reports and
    check that they exist before calling nfsrv_flexlayouterr().
    
    PR:     260012
    
    (cherry picked from commit bdd57cbb1bdafcf2ebffa73c52f0fffc9410ea7b)
---
 sys/fs/nfsserver/nfs_nfsdserv.c  | 6 ++++++
 sys/fs/nfsserver/nfs_nfsdstate.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c
index cd10b735ee34..a7f7debc11a6 100644
--- a/sys/fs/nfsserver/nfs_nfsdserv.c
+++ b/sys/fs/nfsserver/nfs_nfsdserv.c
@@ -4708,6 +4708,12 @@ nfsrvd_layoutreturn(struct nfsrv_descript *nd, __unused int isdgram,
 		}
 
 		maxcnt = fxdr_unsigned(int, *tl);
+		/*
+		 * There is no fixed upper bound defined in the RFCs,
+		 * but 128Kbytes should be more than sufficient.
+		 */
+		if (maxcnt < 0 || maxcnt > 131072)
+			maxcnt = 0;
 		if (maxcnt > 0) {
 			layp = malloc(maxcnt + 1, M_TEMP, M_WAITOK);
 			error = nfsrv_mtostr(nd, (char *)layp, maxcnt);
diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c
index 3423eddc7366..d9235ab783c6 100644
--- a/sys/fs/nfsserver/nfs_nfsdstate.c
+++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@@ -7264,7 +7264,7 @@ nfsrv_layoutreturn(struct nfsrv_descript *nd, vnode_t vp,
 			}
 			NFSDRECALLUNLOCK();
 		}
-		if (layouttype == NFSLAYOUT_FLEXFILE)
+		if (layouttype == NFSLAYOUT_FLEXFILE && layp != NULL)
 			nfsrv_flexlayouterr(nd, layp, maxcnt, p);
 	} else if (kind == NFSV4LAYOUTRET_FSID)
 		nfsrv_freelayouts(&nd->nd_clientid,