Date: Fri, 21 Feb 2020 11:51:04 +0100
From: Pavel Machek
To: Greg Kroah-Hartman
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Dan Carpenter, "J. Bruce Fields", Sasha Levin
Subject: Re: [PATCH 4.19 011/191] nfsd4: avoid NULL deference on strange COPY compounds
Message-ID: <20200221105104.GB14608@duo.ucw.cz>
In-Reply-To: <20200221072252.497508893@linuxfoundation.org>

Hi!

> With cross-server COPY we've introduced the possibility that the current
> or saved filehandle might not have fh_dentry/fh_export filled in, but we
> missed a place that assumed it was. I think this could be triggered by
> a compound like:
>
>	PUTFH(foreign filehandle)
>	GETATTR
>	SAVEFH
>	COPY
>
> First, check_if_stalefh_allowed sets no_verify on the first (PUTFH) op.
> Then op_func = nfsd4_putfh runs and leaves current_fh->fh_export NULL.
> need_wrongsec_check returns true, since this PUTFH has OP_IS_PUTFH_LIKE
> set and GETATTR does not have OP_HANDLES_WRONGSEC set.
>
> We should probably also consider tightening the checks in
> check_if_stalefh_allowed and double-checking that we don't assume the
> filehandle is verified elsewhere in the compound. But I think this
> fixes the immediate issue.
>
> Reported-by: Dan Carpenter
> Fixes: 4e48f1cccab3 "NFSD: allow inter server COPY to have... "

AFAICT 4e48f1cccab3 "NFSD: allow inter server COPY to have... " is not
part of 4.19 series, so this should not be needed in 4.19.

Best regards,
								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
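The compound described in the quoted commit message, as a simplified user-space model added here (not kernel code and not part of the original mail). The struct layouts, the `foreign_fh` field, `unsafe_reads` and the NULL guard are assumptions for illustration; the flags on SAVEFH and COPY are not stated in the mail and do not affect the result.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Flag names come from the commit message; the values are assumed. */
#define OP_HANDLES_WRONGSEC 0x1u
#define OP_IS_PUTFH_LIKE    0x2u
struct export { int flavor; };                 /* stand-in for the export */
struct fh { const struct export *fh_export; }; /* NULL: filehandle not verified */
struct op { const char *name; unsigned flags; bool foreign_fh; };

/* Constructed sample: the compound from the commit message. */
static const struct op compound[] = {
    { "PUTFH",   OP_IS_PUTFH_LIKE, true  },
    { "GETATTR", 0,                false },
    { "SAVEFH",  0,                false },
    { "COPY",    0,                false },
};
#define NOPS (sizeof(compound) / sizeof(compound[0]))

/* True when op i is PUTFH-like and the next op does not handle wrongsec. */
static bool need_wrongsec_check(size_t i)
{
    if (!(compound[i].flags & OP_IS_PUTFH_LIKE) || i + 1 >= NOPS)
        return false;
    return !(compound[i + 1].flags & OP_HANDLES_WRONGSEC);
}

/* Count the points where fh_export would be read while still NULL. */
static int unsafe_reads(bool guard)
{
    static const struct export local = { 1 };
    struct fh current_fh = { NULL };
    int bad = 0;
    for (size_t i = 0; i < NOPS; i++) {
        if (compound[i].flags & OP_IS_PUTFH_LIKE)  /* foreign fh: no export */
            current_fh.fh_export = compound[i].foreign_fh ? NULL : &local;
        if (guard && current_fh.fh_export == NULL)
            continue;          /* assumed guard: skip the wrongsec check */
        if (need_wrongsec_check(i) && current_fh.fh_export == NULL)
            bad++;             /* unguarded code would dereference NULL here */
    }
    return bad;
}

int main(void)
{
    printf("unguarded: %d, guarded: %d\n", unsafe_reads(false), unsafe_reads(true));
    return 0;
}
```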