Date: Sat, 22 Feb 2020 14:02:01 -0500
From: Sasha Levin
To: Pavel Machek
Cc: Greg Kroah-Hartman, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Dan Carpenter, "J. Bruce Fields"
Subject: Re: [PATCH 4.19 011/191] nfsd4: avoid NULL deference on strange COPY compounds
Message-ID: <20200222190201.GC26320@sasha-vm>

On Fri, Feb 21, 2020 at 11:51:04AM +0100, Pavel Machek wrote:
>Hi!
>
>> With cross-server COPY we've introduced the possibility that the current
>> or saved filehandle might not have fh_dentry/fh_export filled in, but we
>> missed a place that assumed it was. I think this could be triggered by
>> a compound like:
>>
>>     PUTFH(foreign filehandle)
>>     GETATTR
>>     SAVEFH
>>     COPY
>>
>> First, check_if_stalefh_allowed sets no_verify on the first (PUTFH) op.
>> Then op_func = nfsd4_putfh runs and leaves current_fh->fh_export NULL.
>> need_wrongsec_check returns true, since this PUTFH has OP_IS_PUTFH_LIKE
>> set and GETATTR does not have OP_HANDLES_WRONGSEC set.
>>
>> We should probably also consider tightening the checks in
>> check_if_stalefh_allowed and double-checking that we don't assume the
>> filehandle is verified elsewhere in the compound. But I think this
>> fixes the immediate issue.
>>
>> Reported-by: Dan Carpenter
>> Fixes: 4e48f1cccab3 "NFSD: allow inter server COPY to have... "
>
>AFAICT 4e48f1cccab3 "NFSD: allow inter server COPY to have... " is not
>part of 4.19 series, so this should not be needed in 4.19.

Not only 4e48f1cccab3 isn't in 4.19, it isn't in any tree! :) Looks like
an error in the patch, I'll drop this commit from everywhere.

-- 
Thanks,
Sasha
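
The compound described in the quoted commit message, as an added user-space model that is not part of this thread or of the kernel source: it walks the four ops and shows where an unverified filehandle reaches the wrongsec check with `fh_export` still NULL, and how a NULL guard avoids it. The struct layouts, `run_compound`, and its `foreign` and `guard` parameters are assumptions made for illustration; the guard is one defensive pattern, not the patch under discussion.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only: names follow the commit message, layouts are assumed. */
enum { OP_IS_PUTFH_LIKE = 1, OP_HANDLES_WRONGSEC = 2 };
enum op_id { PUTFH, GETATTR, SAVEFH, COPY };
struct export { int flavor; };             /* stand-in for per-export security data */
struct fh { struct export *fh_export; };   /* NULL when the handle was never verified */
struct op { enum op_id id; unsigned flags; };

/* The compound from the commit message, with flags as the message describes them. */
static const struct op copy_compound[] = {
    { PUTFH, OP_IS_PUTFH_LIKE }, { GETATTR, 0 }, { SAVEFH, 0 }, { COPY, 0 },
};

/* Simplified rule from the message: PUTFH-like op, next op lacks OP_HANDLES_WRONGSEC. */
static bool need_wrongsec_check(const struct op *ops, size_t n, size_t i)
{
    return (ops[i].flags & OP_IS_PUTFH_LIKE) && i + 1 < n &&
           !(ops[i + 1].flags & OP_HANDLES_WRONGSEC);
}

/* Returns the number of flavor checks performed, or -1 where the unguarded
 * path would have read through a NULL fh_export. */
static int run_compound(const struct op *ops, size_t n, bool foreign, bool guard)
{
    static struct export local = { 1 };
    struct fh current_fh = { NULL };
    int checks = 0;

    for (size_t i = 0; i < n; i++) {
        if (ops[i].id == PUTFH)   /* no_verify on a foreign handle: export stays NULL */
            current_fh.fh_export = foreign ? NULL : &local;
        if (!need_wrongsec_check(ops, n, i))
            continue;
        if (!current_fh.fh_export && !guard)
            return -1;            /* kernel code would dereference NULL here */
        if (current_fh.fh_export)
            checks += current_fh.fh_export->flavor != 0;
    }
    return checks;
}

int main(void)
{
    printf("unguarded=%d guarded=%d\n", run_compound(copy_compound, 4, true, false),
           run_compound(copy_compound, 4, true, true));
    return 0;
}
```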