On Thu, 2024-10-31 at 09:40 -0400, cel@xxxxxxxxxx wrote:
> From: Chuck Lever <chuck.lever@xxxxxxxxxx>
>
> If an async COPY operation happens to be running when the server is
> shut down, notify the requesting client that the copy has completed.
>
> Since the nfs4_client is going away, seems like this could introduce
> some UAFs.
>
> Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
> ---
> fs/nfsd/nfs4proc.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
> index 4c964bce6bd7..51b3f85f3791 100644
> --- a/fs/nfsd/nfs4proc.c
> +++ b/fs/nfsd/nfs4proc.c
> @@ -68,6 +68,8 @@ MODULE_PARM_DESC(nfsd4_ssc_umount_timeout,
>
> #define NFSDDBG_FACILITY NFSDDBG_PROC
>
> +static void nfsd4_send_cb_offload(struct nfsd4_copy *copy);
> +
> static u32 nfsd_attrmask[] = {
> NFSD_WRITEABLE_ATTRS_WORD0,
> NFSD_WRITEABLE_ATTRS_WORD1,
> @@ -1381,8 +1383,10 @@ void nfsd4_shutdown_copy(struct nfs4_client *clp)
> {
> struct nfsd4_copy *copy;
>
> - while ((copy = nfsd4_get_copy(clp)) != NULL)
> + while ((copy = nfsd4_get_copy(clp)) != NULL) {
> nfsd4_stop_copy(copy);
> + nfsd4_send_cb_offload(copy);
> + }
Not sure about a UAF, but it seems like NFS4ERR_DELAY returns might
delay the client destruction for quite a while. Maybe this CB_OFFLOAD
shouldn't retry on DELAY?
> }
> #ifdef CONFIG_NFSD_V4_2_INTER_SSC
>
--
Jeff Layton <jlayton@xxxxxxxxxx>
