From nobody Tue May 07 19:54:45 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VYpsH1q5Sz5JY6B for ; Tue, 07 May 2024 19:54:59 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VYpsG3x1Kz4yKv for ; Tue, 7 May 2024 19:54:58 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=LMqvQUBN; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rick.macklem@gmail.com designates 2607:f8b0:4864:20::42c as permitted sender) smtp.mailfrom=rick.macklem@gmail.com Received: by mail-pf1-x42c.google.com with SMTP id d2e1a72fcca58-6f44881ad9eso2868953b3a.3 for ; Tue, 07 May 2024 12:54:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715111697; x=1715716497; darn=freebsd.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=RcQuBmg66kjxWUklbvctRXTkeUblvkmD9MtpiZwqHNk=; b=LMqvQUBN3Ms0oTbWywhGLgvTV0tBaWQSyAuSYNgnknJgwzDDa8mP79Rth1VNKd/Fyq JnVVWBFI5iEjWCuLB83ym8+W/cbUkmOuthcJ94YjceuTJRaZdAzC+WOr12m3tqoq6Z8/ p7lO2/wdFuT/bnS1FXxUCR7YLQr1n5o9E24ljBehyJzBCNd6GN30rH22NWKl0GpbvP6C 6BnWEWXOXtPEDxxjKGARVRVZj11/Bsv4bZis1v/X9txD98iwMH5CvyaUoWWnrkr4mYRS JtzpdxoUp7UCuOGHPw+cQTJyZ9+5hIE+UqMT0hEMpaMj1sxofNrzh0GQsO+lFuR0UHpC 1qCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715111697; x=1715716497; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=RcQuBmg66kjxWUklbvctRXTkeUblvkmD9MtpiZwqHNk=; b=pG3GQxaaTkcl6t9sgESLbB1ui/sJVTl65b7raoz5gFX5Dvp42ErrwLPL25Xfuqs6r/ HmqbvQeK06olbpvUa9mqWXDN2VEbADJkI5AgnTlALYPErJfFnTqQItvPnDRkpRWbxn6w lcnlbwFATb7qfzTGu4s9hkX1iyIjlTbiApseledbDPo1AZEZD9PC2Id9WKWEFcI+Ko9J 3hFQ1+6gwCjBWZNRMwX+K+egByE3uqCb+N9wr7+JUHQUkewYch2eU2MI3LSQcViEcmz2 DhA5rucRLbTXJUZXQAiaDydaupKj6MAGTPs6X5NqIBo7xXevu4O6Df9WeK+PxbG0ERiQ oHxw== X-Gm-Message-State: AOJu0YzLla72ZaB9Ft1LpOinJVZ20M3z1gu5LrP18FTEnYllnmrU1eLi oSrL4aIWQ3spuUIivmxIJjvRqAUxQwMxro4kFpN64gTqv9sE//CscKWA82uX4nvkN30dbf9SAzs 7atAklG5aKExEBXekDVgEqD+WO0Xl X-Google-Smtp-Source: AGHT+IHqwNh1FNWJkiH68JRrwgcBT9vdFR+FiopVEJw4RtPGEdAeu2OkelEYMnWvEyCnC+STM7Pq0NNx+G90FyzPY6s= X-Received: by 2002:a05:6a00:1387:b0:6ea:d7b6:f4b4 with SMTP id d2e1a72fcca58-6f49c292487mr812632b3a.21.1715111697015; Tue, 07 May 2024 12:54:57 -0700 (PDT) List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-stable@freebsd.org Sender: owner-freebsd-stable@FreeBSD.org MIME-Version: 1.0 From: Rick Macklem Date: Tue, 7 May 2024 12:54:45 -0700 Message-ID: Subject: Warning: do not enable NFSv4 delegations for a 13.3 NFS server To: freebsd-stable@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.95 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-0.999]; NEURAL_HAM_SHORT(-0.95)[-0.948]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FREEMAIL_ENVFROM(0.00)[gmail.com]; TAGGED_FROM(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; MISSING_XM_UA(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::42c:from] X-Rspamd-Queue-Id: 4VYpsG3x1Kz4yKv Hi, I boned up and, when wireshark reported that a NFSv4 packet was incorrectly constructed, I changed the NFSv4 code the "fix" the problem. I found out recently (at a IETF NFSv4 testing event) that wireshark was buggy and the code was actually broken by the "fix". I have now corrected this in main, stable/14 and stable/13. (Commit 54c3aa02e926 in main.) However, FreeBSD 13.3 shipped with this broken. The bug only affects the NFSv4 server if delegations are enabled, which is not the default. As such, so long as "vfs.nfsd.issue_delegations == 0". you should be fine. rick ps: Since few enable delegations, I do not feel this needs an errata for FreeBSD 13.3. .