From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Chuck Lever <chuck.lever@oracle.com>,
	"J. Bruce Fields" <bfields@redhat.com>
Subject: [PATCH 4.14 096/125] NFSD: Add missing NFSv2 .pc_func methods
Date: Tue,  3 Nov 2020 21:37:53 +0100
Message-ID: <20201103203210.905108227@linuxfoundation.org>
In-Reply-To: <20201103203156.372184213@linuxfoundation.org>

From: Chuck Lever <chuck.lever@oracle.com>

commit 6b3dccd48de8a4c650b01499a0b09d1e2279649e upstream.

There's no protection in nfsd_dispatch() against NULL .pc_func
helpers. A malicious NFS client can trigger a crash by invoking the
unused/unsupported NFSv2 ROOT or WRITECACHE procedures.

The current NFSD dispatcher does not support returning a void reply
to a non-NULL procedure, so the reply to both of these is wrong, for
the moment.

Cc: <stable@vger.kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfsd/nfsproc.c |   16 ++++++++++++++++
 1 file changed, 16 insertions(+)

--- a/fs/nfsd/nfsproc.c
+++ b/fs/nfsd/nfsproc.c
@@ -118,6 +118,13 @@ done:
 	return nfsd_return_attrs(nfserr, resp);
 }
 
+/* Obsolete, replaced by MNTPROC_MNT. */
+static __be32
+nfsd_proc_root(struct svc_rqst *rqstp)
+{
+	return nfs_ok;
+}
+
 /*
  * Look up a path name component
  * Note: the dentry in the resp->fh may be negative if the file
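Review bot: The comment above nfsd_proc_root() says only that the procedure is obsolete, while the commit message states that the reply to it is wrong for the moment because the dispatcher cannot return a void reply to a non-NULL procedure. Record that known limitation in the comment next to `return nfs_ok;`, so a later reader does not take the stub's reply for the intended behaviour.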
@@ -201,6 +208,13 @@ nfsd_proc_read(struct svc_rqst *rqstp)
 	return fh_getattr(&resp->fh, &resp->stat);
 }
 
+/* Reserved */
+static __be32
+nfsd_proc_writecache(struct svc_rqst *rqstp)
+{
+	return nfs_ok;
+}
+
 /*
  * Write data to a file
  * N.B. After this call resp->fh needs an fh_put
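Review bot: nfsd_proc_writecache() has the same body as nfsd_proc_root() added earlier in this patch, and its `/* Reserved */` comment does not say why a handler exists at all. Either share one stub between the two table entries, or extend the comment to say the function is there so that .pc_func is never NULL for this procedure.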
@@ -605,6 +619,7 @@ static const struct svc_procedure nfsd_p
 		.pc_xdrressize = ST+AT,
 	},
 	[NFSPROC_ROOT] = {
+		.pc_func = nfsd_proc_root,
 		.pc_decode = nfssvc_decode_void,
 		.pc_encode = nfssvc_encode_void,
 		.pc_argsize = sizeof(struct nfsd_void),
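Review bot: Setting .pc_func in the [NFSPROC_ROOT] entry closes this slot only; the commit message says nfsd_dispatch() has no protection against a NULL .pc_func, and nothing in this patch changes that, so any entry of this table left without a handler brings the crash back. Consider a follow-up that makes the dispatcher reject a NULL .pc_func, or a check that every table entry has one.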
@@ -642,6 +657,7 @@ static const struct svc_procedure nfsd_p
 		.pc_xdrressize = ST+AT+1+NFSSVC_MAXBLKSIZE_V2/4,
 	},
 	[NFSPROC_WRITECACHE] = {
+		.pc_func = nfsd_proc_writecache,
 		.pc_decode = nfssvc_decode_void,
 		.pc_encode = nfssvc_encode_void,
 		.pc_argsize = sizeof(struct nfsd_void),


