Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp961108ybl; Wed, 4 Dec 2019 14:06:48 -0800 (PST) X-Google-Smtp-Source: APXvYqzb5qVHLLqem5vRVDjMCmGPhqmhBSlwYArZTMmeOvyxhEAMNUn95DHcp8tpYKBy9bLMIXHX X-Received: by 2002:a9d:6196:: with SMTP id g22mr4410797otk.204.1575497208721; Wed, 04 Dec 2019 14:06:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575497208; cv=none; d=google.com; s=arc-20160816; b=YF4Beu7dEA3v392IpKu6r7AVb9jHxGVvNm08e+8n4pS07Oz8VV36DRJQ0mxNQNHU+s I3tgkBtMyJ/giPmm7cY55ZG8YVYccUxKoE60X0opkoyw6IgQxMno/lq/XFEk/7xvwiBR x9mg5DltO4V49XVelvTOk1Lto8BZ85A7q3uwCHY6WS4VWay/AlMFgybC0X4TvGt9Y+b7 iOQELwLH0lIRzSO85BkGwQd5TP8VBQLKtoQcHsBdnQiOeZH+ed4SfFeOJj1Ya6fqUSs7 vtS8nAFpDCNEgAlVXuCtg2hrAN6x8TDPRmP8+RmlxA26KgK5B/H626MOQkm7I5+gTDiA NDIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-disposition :content-transfer-encoding:user-agent:in-reply-to:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=m55CO8CBAIKx9SguUpvW29A4gHb3+8QmzZduPO/m46M=; b=f+fCPZZ0Sqs7bOVwLj++e4a1A1W7wTLSLU8AwsBLX53wGEczsYir5nPxnnXS1F26ia epZ9ObieXeFg9pxLrr0Mer6Sgewmwas6qVspM+rnWMhS4PBk/pLqAhZ9clSQCiYGgPr1 MvefiaEWqWKcgUYo17p9L7uRbfzQquQo4m4JIgDmpdXHrXOtwwsyK84Jl8AW72yj3KmC JLVsPdTi1fPxULoj+eyHbxEwVeLQ9OSVaPEzKYsnqgOwM00fV4WWWc/sK5/E8X/2yO1m jfmp8g+/2mGKPS+mH+7notFeoNru7Nq0JpJNkeQwFfxHKWKd4S5jlVmBDzQivuV3fPPO qBgg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="iPUgG/1l"; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h8si4161649otk.183.2019.12.04.14.06.25; Wed, 04 Dec 2019 14:06:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="iPUgG/1l"; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728142AbfLDWEn (ORCPT + 99 others); Wed, 4 Dec 2019 17:04:43 -0500 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:22113 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727989AbfLDWEm (ORCPT ); Wed, 4 Dec 2019 17:04:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1575497080; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m55CO8CBAIKx9SguUpvW29A4gHb3+8QmzZduPO/m46M=; b=iPUgG/1lJTGX97LrYs3M0NpOiIb3HOzMFsu5Td8m8HJmRCvE7UGoR+PWA0iOE4oyFSAlGJ FpW3oVSMV1swWoPclrHEnMSK79Y09EZWHG3dKjIE65P7n7QwkZdy2fPW4TGwNH/JOaESCu KnTT+cAiDDEWp+kW9Xw0FmtSwRpdBfA= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-84-SwhPSyx1MjGxMZmEPOUoHg-1; Wed, 04 Dec 2019 17:04:37 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4A9A2100550E; Wed, 4 Dec 2019 22:04:36 +0000 (UTC) Received: from pick.fieldses.org (ovpn-116-114.phx2.redhat.com [10.3.116.114]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1A19B5D6AE; Wed, 4 Dec 2019 22:04:36 +0000 (UTC) Received: by pick.fieldses.org (Postfix, from userid 2815) id 1C46A12023A; Wed, 4 Dec 2019 17:04:35 -0500 (EST) Date: Wed, 4 Dec 2019 17:04:35 -0500 From: "J. Bruce Fields" To: Olga Kornievskaia Cc: Dan Carpenter , linux-nfs Subject: Re: [bug report] NFSD: allow inter server COPY to have a STALE source server fh Message-ID: <20191204220435.GG40361@pick.fieldses.org> References: <20191204080039.ixjqetefkzzlldyt@kili.mountain> MIME-Version: 1.0 In-Reply-To: User-Agent: Mutt/1.12.1 (2019-06-15) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-MC-Unique: SwhPSyx1MjGxMZmEPOUoHg-1 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, Dec 04, 2019 at 03:11:01PM -0500, Olga Kornievskaia wrote: > On Wed, Dec 4, 2019 at 3:00 AM Dan Carpenter w= rote: > > > > Hello Olga Kornievskaia, > > > > This is a semi-automatic email about new static checker warnings. > > > > The patch 4e48f1cccab3: "NFSD: allow inter server COPY to have a > > STALE source server fh" from Oct 7, 2019, leads to the following > > Smatch complaint: > > > > fs/nfsd/nfs4proc.c:2371 nfsd4_proc_compound() > > error: we previously assumed 'current_fh->fh_export' could be null= (see line 2325) > > > > fs/nfsd/nfs4proc.c > > 2324 } > > 2325 } else if (current_fh->fh_export && > > ^^^^^^^^^^^^^^^^^^^^^ > > The patch adds a check for NULL > > > > 2326 current_fh->fh_export->ex_fslocs.mig= rated && > > 2327 !(op->opdesc->op_flags & ALLOWED_ON_A= BSENT_FS)) { > > 2328 op->status =3D nfserr_moved; > > 2329 goto encode_op; > > 2330 } > > 2331 > > 2332 fh_clear_wcc(current_fh); > > 2333 > > 2334 /* If op is non-idempotent */ > > 2335 if (op->opdesc->op_flags & OP_MODIFIES_SOMETHIN= G) { > > 2336 /* > > 2337 * Don't execute this op if we couldn't= encode a > > 2338 * succesful reply: > > 2339 */ > > 2340 u32 plen =3D op->opdesc->op_rsize_bop(r= qstp, op); > > 2341 /* > > 2342 * Plus if there's another operation, m= ake sure > > 2343 * we'll have space to at least encode = an error: > > 2344 */ > > 2345 if (resp->opcnt < args->opcnt) > > 2346 plen +=3D COMPOUND_ERR_SLACK_SP= ACE; > > 2347 op->status =3D nfsd4_check_resp_size(re= sp, plen); > > 2348 } > > 2349 > > 2350 if (op->status) > > 2351 goto encode_op; > > 2352 > > 2353 if (op->opdesc->op_get_currentstateid) > > 2354 op->opdesc->op_get_currentstateid(cstat= e, &op->u); > > 2355 op->status =3D op->opdesc->op_func(rqstp, cstat= e, &op->u); > > 2356 > > 2357 /* Only from SEQUENCE */ > > 2358 if (cstate->status =3D=3D nfserr_replay_cache) = { > > 2359 dprintk("%s NFS4.1 replay from cache\n"= , __func__); > > 2360 status =3D op->status; > > 2361 goto out; > > 2362 } > > 2363 if (!op->status) { > > 2364 if (op->opdesc->op_set_currentstateid) > > 2365 op->opdesc->op_set_currentstate= id(cstate, &op->u); > > 2366 > > 2367 if (op->opdesc->op_flags & OP_CLEAR_STA= TEID) > > 2368 clear_current_stateid(cstate); > > 2369 > > 2370 if (need_wrongsec_check(rqstp)) > > 2371 op->status =3D check_nfsd_acces= s(current_fh->fh_export, rqstp); > > = ^^^^^^^^^^^^^^^^^^^^^ > > Is it required here as well? >=20 > Bruce, correct me if I'm wrong but I think we are ok here. Because for > the COPY operation for which the current_fh->fh_export can be null, > need_wrongsec_check() would be false. Honestly.... I've spent a few minutes thinking about it, but haven't been able to come up either with an example where this will attempt a NULL dereference, or a convincing argument that it never will. I'll think about it some more and I'll figure it out. But I worry that the the logic is fragile. One other thing I noticed: in the no_verify case, we're depending on fh_verify returning a stale error on a foreign filehandle. But I don't think we can count on it. It might, by coincidence, turn out that fh_verify returns some other error, and then a legitimate COPY could fail for no reason. --b.