| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a4bdb6dd9d20fecce52a3fd35650aadc52d2e05e.camel@kernel.org> Date: Thu, 13 Feb 2025 07:52:05 -0500 From: Jeff Layton <jlayton@...nel.org> To: NeilBrown <neilb@...e.de> Cc: Chuck Lever <chuck.lever@...cle.com>, Olga Kornievskaia <okorniev@...hat.com>, Dai Ngo <Dai.Ngo@...cle.com>, Tom Talpey <tom@...pey.com>, linux-nfs@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() On Thu, 2025-02-13 at 08:13 +1100, NeilBrown wrote: > On Thu, 13 Feb 2025, Jeff Layton wrote: > > When a delegation is revoked, it's initially marked with > > SC_STATUS_REVOKED, or SC_STATUS_ADMIN_REVOKED and later, it's marked > > with the SC_STATUS_FREEABLE flag, which denotes that it is waiting for > > s FREE_STATEID call. > > > > nfs4_lookup_stateid() accepts a statusmask that includes the status > > flags that a found stateid is allowed to have. Currently, that mask > > never includes SC_STATUS_FREEABLE, which means that revoked delegations > > are (almost) never found. > > > > Add SC_STATUS_FREEABLE to the always-allowed status flags. > > There are 4 calls to nfsd4_lookup_stateid(). One already has > SC_STATUS_FREEABLE passed. Which of the others need it? > If all of them, then this patch is sensible but should also remove the > flag in the one place it is already passed. > If only one other call needs it, then maybe we should just pass it > there? > > Could you at least include in the description some detail of what > request is failing and which particular nfsd4_lookup_stateid() call is > relevant in that case? > > Thanks, > NeilBrown > I think they all need it. The DELEG8 test gets a delegation, and then lets the lease time out. It then does a READ op and tests that it gets back NFS4ERR_DELEG_REVOKED. The read path calls nfs4_preprocess_stateid_op(), so it's needed there specifically to fix that bug. 1ac3629bf0125 ensures that SC_STATUS_ADMIN_REVOKED is always set in the allowed mask. If that's always allowed, then FREEABLE must be too. There is only a very narrow window of time when ADMIN_REVOKED or REVOKED is set, and FREEABLE is not. I'll respin and remove the other FREEABLE flag, since I think it should be implied everywhere. > > > > > Signed-off-by: Jeff Layton <jlayton@...nel.org> > > --- > > This fixes the pynfs DELEG8 test. > > --- > > fs/nfsd/nfs4state.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c > > index 153eeea2c7c999d003cd1f36cecb0dd4f6e049b8..56bf07d623d085589823f3fba18afa62c0b3dbd2 100644 > > --- a/fs/nfsd/nfs4state.c > > +++ b/fs/nfsd/nfs4state.c > > @@ -7051,7 +7051,7 @@ nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate, > > */ > > statusmask |= SC_STATUS_REVOKED; > > > > - statusmask |= SC_STATUS_ADMIN_REVOKED; > > + statusmask |= SC_STATUS_ADMIN_REVOKED | SC_STATUS_FREEABLE; > > > > if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) || > > CLOSE_STATEID(stateid)) > > > > --- > > base-commit: 4990d098433db18c854e75fb0f90d941eb7d479e > > change-id: 20250212-nfsd-fixes-fa8047082335 > > > > Best regards, > > -- > > Jeff Layton <jlayton@...nel.org> > > > > > -- Jeff Layton <jlayton@...nel.org>
Powered by blists - more mailing lists