diff options
author | J. Bruce Fields <bfields@redhat.com> | 2012-02-13 22:56:19 +0100 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2012-02-14 23:01:58 +0100 |
commit | bf5c43c8f155e755b0fc3dfa76f9f8c6e2c0161f (patch) | |
tree | 6c36ab623d4f5cb2ce9606ffa3f1dd53b3550848 /fs/nfsd/nfs4state.c | |
parent | nfsd4: rearrange struct nfsd4_slot (diff) | |
download | linux-bf5c43c8f155e755b0fc3dfa76f9f8c6e2c0161f.tar.xz linux-bf5c43c8f155e755b0fc3dfa76f9f8c6e2c0161f.zip |
nfsd4: check for uninitialized slot
This fixes an oops when a buggy client tries to use an initial seqid of
0 on a new slot, which we may misinterpret as a replay.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd/nfs4state.c')
-rw-r--r-- | fs/nfsd/nfs4state.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index e0e706f8918d..2387791ea050 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -1347,6 +1347,7 @@ nfsd4_store_cache_entry(struct nfsd4_compoundres *resp) slot->sl_opcnt = resp->opcnt; slot->sl_status = resp->cstate.status; + slot->sl_flags |= NFSD4_SLOT_INITIALIZED; if (nfsd4_not_cached(resp)) { slot->sl_datalen = 0; return; @@ -1916,6 +1917,9 @@ nfsd4_sequence(struct svc_rqst *rqstp, status = check_slot_seqid(seq->seqid, slot->sl_seqid, slot->sl_flags & NFSD4_SLOT_INUSE); if (status == nfserr_replay_cache) { + status = nfserr_seq_misordered; + if (!(slot->sl_flags & NFSD4_SLOT_INITIALIZED)) + goto out; cstate->slot = slot; cstate->session = session; /* Return the cached reply status and set cstate->status @@ -1932,9 +1936,11 @@ nfsd4_sequence(struct svc_rqst *rqstp, /* Success! bump slot seqid */ slot->sl_seqid = seq->seqid; - slot->sl_flags = NFSD4_SLOT_INUSE; + slot->sl_flags |= NFSD4_SLOT_INUSE; if (seq->cachethis) slot->sl_flags |= NFSD4_SLOT_CACHETHIS; + else + slot->sl_flags &= ~NFSD4_SLOT_CACHETHIS; cstate->slot = slot; cstate->session = session; |