Date: Wed, 2 Jun 2021 16:04:07 -0400
From: "J. Bruce Fields"
To: David Wysochanski
Cc: linux-nfs
Subject: Re: BUG: KASAN: use-after-free in find_clp_in_name_tree.isra.0+0x13e/0x190 [nfsd]
Message-ID: <20210602200407.GB6995@fieldses.org>
References:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.5.21 (2010-09-15)
Precedence: bulk
List-ID:
X-Mailing-List: linux-nfs@vger.kernel.org

On Wed, Jun 02, 2021 at 02:13:02PM -0400, David Wysochanski wrote:
> I was testing your nfsd-next branch (plus my modified v3 callback
> address and state patch I just sent) and saw this on console after a
> simple test of mount, umount, mount cycle of a NFSv4.1 mount.

Oops, thanks, it just needs this, I think; maybe I'd've caught that bug
earlier if I'd actually posted that patch. Doing that now....

--b.

commit 70d6ebca5248
Author: J. Bruce Fields
Date: Wed Jun 2 15:50:45 2021 -0400

    foldme

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 967912b4a7dd..6c64ce93510f 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -2841,6 +2841,7 @@ move_to_confirmed(struct nfs4_client *clp) list_move(&clp->cl_idhash, &nn->conf_id_hashtbl[idhashval]); rb_erase(&clp->cl_namenode, &nn->unconf_name_tree); add_clp_to_name_tree(clp, &nn->conf_name_tree); + set_bit(NFSD4_CLIENT_CONFIRMED, &clp->cl_flags); trace_nfsd_clid_confirmed(&clp->cl_clientid); renew_client_locked(clp); }
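Review bot: the commit message is a placeholder ("foldme") and says nothing about why move_to_confirmed() now has to set NFSD4_CLIENT_CONFIRMED; since the reply presents this one-liner as the fix for the KASAN use-after-free in find_clp_in_name_tree() reported above, either fold it into the nfsd-next commit that introduced the readers of that flag, so no intermediate commit is left bisect-broken, or give it a real message that names the report it fixes. Two things worth confirming before folding: that every path which inserts a client into nn->conf_name_tree goes through move_to_confirmed(), so tree membership and the flag can never disagree, and, if any caller of find_clp_in_name_tree() can run without the lock that move_to_confirmed() is called under (the _locked suffix on renew_client_locked() suggests one is held here), whether the set_bit() should precede add_clp_to_name_tree() rather than follow it, so a reader never observes a confirmed-tree entry whose flag is still clear.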