From patchwork Tue Nov 7 23:01:23 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew W Elble X-Patchwork-Id: 10047343 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 54F956032D for ; Tue, 7 Nov 2017 23:01:38 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 48EDE2A0E8 for ; Tue, 7 Nov 2017 23:01:38 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3562129E83; Tue, 7 Nov 2017 23:01:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id ECB942A159 for ; Tue, 7 Nov 2017 23:01:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757438AbdKGXBg (ORCPT ); Tue, 7 Nov 2017 18:01:36 -0500 Received: from discipline.rit.edu ([129.21.6.207]:36156 "HELO discipline.rit.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1751658AbdKGXBf (ORCPT ); Tue, 7 Nov 2017 18:01:35 -0500 Received: (qmail 62992 invoked by uid 501); 7 Nov 2017 23:01:35 -0000 From: Andrew Elble To: linux-nfs@vger.kernel.org, trond.myklebust@primarydata.com, bfields@fieldses.org Cc: Andrew Elble Subject: [PATCH] nfsd: check for use of the closed special stateid Date: Tue, 7 Nov 2017 18:01:23 -0500 Message-Id: <20171107230123.62054-1-aweits@rit.edu> X-Mailer: git-send-email 2.10.1 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Report on and prevent the use of the closed (invalid) special stateid by clients. Signed-off-by: Andrew Elble --- fs/nfsd/nfs4state.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 755b33284979..2b637137fecd 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -73,6 +73,7 @@ #define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t))) #define ONE_STATEID(stateid) (!memcmp((stateid), &one_stateid, sizeof(stateid_t))) #define CURRENT_STATEID(stateid) (!memcmp((stateid), ¤tstateid, sizeof(stateid_t))) +#define CLOSE_STATEID(stateid) (!memcmp((stateid), &close_stateid, sizeof(stateid_t))) /* forward declarations */ static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner); @@ -4875,13 +4876,35 @@ static __be32 nfsd4_check_openowner_confirmed(struct nfs4_ol_stateid *ols) return nfs_ok; } +static inline __be32 +bad_special_stateid_check(struct nfs4_client *cl, stateid_t *stateid) +{ + if (CLOSE_STATEID(stateid)) { + char addr_str[INET6_ADDRSTRLEN]; + + rpc_ntop((struct sockaddr *)&cl->cl_addr, addr_str, + sizeof(addr_str)); + pr_warn_ratelimited("NFSD: client %s using " + "invalid/closed stateid\n", + addr_str); + return nfserr_bad_stateid; + } + + if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) + return nfserr_bad_stateid; + + return nfs_ok; +} + static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid) { struct nfs4_stid *s; - __be32 status = nfserr_bad_stateid; + __be32 status; - if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) + status = bad_special_stateid_check(cl, stateid); + if (status) return status; + status = nfserr_bad_stateid; /* Client debugging aid. */ if (!same_clid(&stateid->si_opaque.so_clid, &cl->cl_clientid)) { char addr_str[INET6_ADDRSTRLEN]; @@ -4938,8 +4961,9 @@ static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid) else if (typemask & NFS4_DELEG_STID) typemask |= NFS4_REVOKED_DELEG_STID; - if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) - return nfserr_bad_stateid; + status = bad_special_stateid_check(cstate->clp, stateid); + if (status) + return status; status = lookup_clientid(&stateid->si_opaque.so_clid, cstate, nn); if (status == nfserr_stale_clientid) { if (cstate->session)