svn commit: r365935 - stable/11/sys/fs/nfsserver

Rick Macklem rmacklem at FreeBSD.org
Mon Sep 21 01:39:01 UTC 2020


Author: rmacklem
Date: Mon Sep 21 01:39:00 2020
New Revision: 365935
URL: https://svnweb.freebsd.org/changeset/base/365935

Log:
  MFC: r365703
  Fix a case where the NFSv4.0 server might crash if delegations are enabled.
  
  asomers@ reported a crash on an NFSv4.0 server with a backtrace of:
  kdb_backtrace
  vpanic
  panic
  nfsrv_docallback
  nfsrv_checkgetattr
  nfsrvd_getattr
  nfsrvd_dorpc
  nfssvc_program
  svc_run_internal
  svc_thread_start
  fork_exit
  fork_trampoline
  where the panic message was "docallb", which indicates that a callback
  was attempted when the ClientID is unconfirmed.
  This would not normally occur, but it is possible to have an unconfirmed
  ClientID structure with delegation structure(s) chained off it if the
  client were to issue a SetClientID with the same "id" but different
  "verifier" after acquiring delegations on the previously confirmed ClientID.
  
  The bug appears to be that nfsrv_checkgetattr() failed to check for
  this uncommon case of an unconfirmed ClientID with a delegation structure
  that no longer refers to a delegation the client knows about.
  
  This patch adds a check for this case, handling it as if no delegation
  exists, which is the case when the above occurs.
  Although difficult to reproduce, this change should avoid the panic().
  
  PR:		249127

Modified:
  stable/11/sys/fs/nfsserver/nfs_nfsdstate.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/fs/nfsserver/nfs_nfsdstate.c
==============================================================================
--- stable/11/sys/fs/nfsserver/nfs_nfsdstate.c	Mon Sep 21 00:50:32 2020	(r365934)
+++ stable/11/sys/fs/nfsserver/nfs_nfsdstate.c	Mon Sep 21 01:39:00 2020	(r365935)
@@ -5572,8 +5572,14 @@ nfsrv_checkgetattr(struct nfsrv_descript *nd, vnode_t 
 		goto out;
 	}
 	clp = stp->ls_clp;
-	delegfilerev = stp->ls_filerev;
 
+	/* If the clientid is not confirmed, ignore the delegation. */
+	if (clp->lc_flags & LCL_NEEDSCONFIRM) {
+		NFSUNLOCKSTATE();
+		goto out;
+	}
+
+	delegfilerev = stp->ls_filerev;
 	/*
 	 * If the Write delegation was issued as a part of this Compound RPC
 	 * or if we have an Implied Clientid (used in a previous Op in this
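
Review bot: The one-line comment above the new `if (clp->lc_flags & LCL_NEEDSCONFIRM)` check does not say how an unconfirmed clientid can still have a delegation chained off it, so a later reader may take the test for dead code. Consider expanding it to name the case from the log message: a SetClientID with the same "id" but a different "verifier", issued after delegations were acquired on the previously confirmed ClientID. Because this early exit calls `NFSUNLOCKSTATE()` itself before `goto out`, it is also worth confirming that nothing after the `out` label releases the state lock a second time, and that `error` is still 0 at this point so the Getattr proceeds as if no delegation exists.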

