svn commit: r336899 - in stable/10/sys/fs: nfs nfsclient

Mon Jul 30 12:17:12 UTC 2018

Author: rmacklem
Date: Mon Jul 30 12:17:10 2018
New Revision: 336899
URL: https://svnweb.freebsd.org/changeset/base/336899

Log:
  MFC: r334966
  Add a couple of safety belt checks to the NFSv4.1 client related to sessions.
  
  There were a couple of cases in newnfs_request() that it assumed that it
  was an NFSv4.1 mount with a session. This should always be the case when
  a Sequence operation is in the reply or the server replies NFSERR_BADSESSION.
  However, if a server was broken and sent an erroneous reply, these safety
  belt checks should avoid trouble.
  The one check required a small tweak to nfsmnt_mdssession() so that it
  returns NULL when there is no session instead of the offset of the field
  in the structure (0x8 for i386).
  This patch should have no effect on normal operation of the client.
  Found by inspection during pNFS server development.

Modified:
  stable/10/sys/fs/nfs/nfs_commonkrpc.c
  stable/10/sys/fs/nfsclient/nfsmount.h
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/fs/nfs/nfs_commonkrpc.c
==============================================================================

--- stable/10/sys/fs/nfs/nfs_commonkrpc.c	Mon Jul 30 12:10:23 2018	(r336898)
+++ stable/10/sys/fs/nfs/nfs_commonkrpc.c	Mon Jul 30 12:17:10 2018	(r336899)
@@ -850,9 +850,9 @@ tryagain:
 			if ((nmp != NULL && i == NFSV4OP_SEQUENCE && j != 0) ||
 			    (clp != NULL && i == NFSV4OP_CBSEQUENCE && j != 0))
 				NFSCL_DEBUG(1, "failed seq=%d\n", j);
-			if ((nmp != NULL && i == NFSV4OP_SEQUENCE && j == 0) ||
-			    (clp != NULL && i == NFSV4OP_CBSEQUENCE && j == 0)
-			    ) {
+			if (((nmp != NULL && i == NFSV4OP_SEQUENCE && j == 0) ||
+			    (clp != NULL && i == NFSV4OP_CBSEQUENCE &&
+			    j == 0)) && sep != NULL) {
 				if (i == NFSV4OP_SEQUENCE)
 					NFSM_DISSECT(tl, uint32_t *,
 					    NFSX_V4SESSIONID +
@@ -894,7 +894,8 @@ tryagain:
 		}
 		if (nd->nd_repstat != 0) {
 			if (nd->nd_repstat == NFSERR_BADSESSION &&
-			    nmp != NULL && dssep == NULL) {
+			    nmp != NULL && dssep == NULL &&
+			    (nd->nd_flag & ND_NFSV41) != 0) {
 				/*
 				 * If this is a client side MDS RPC, mark
 				 * the MDS session defunct and initiate

Modified: stable/10/sys/fs/nfsclient/nfsmount.h
==============================================================================
--- stable/10/sys/fs/nfsclient/nfsmount.h	Mon Jul 30 12:10:23 2018	(r336898)
+++ stable/10/sys/fs/nfsclient/nfsmount.h	Mon Jul 30 12:17:10 2018	(r336899)
@@ -122,8 +122,10 @@ nfsmnt_mdssession(struct nfsmount *nmp)
 {
 	struct nfsclsession *tsep;
 
+	tsep = NULL;
 	mtx_lock(&nmp->nm_mtx);
-	tsep = NFSMNT_MDSSESSION(nmp);
+	if (TAILQ_FIRST(&nmp->nm_sess) != NULL)
+		tsep = NFSMNT_MDSSESSION(nmp);
 	mtx_unlock(&nmp->nm_mtx);
 	return (tsep);
 }
