Re: NFSD oops when it receives operation it doesn't support

"J. Bruce Fields" <bfields@xxxxxxxxxx> · Thu, 13 Apr 2017 11:29:47 -0400

On Fri, Mar 24, 2017 at 01:45:02PM -0400, Olga Kornievskaia wrote:
> On Fri, Mar 24, 2017 at 11:59 AM, J. Bruce Fields <bfields@xxxxxxxxxx> wrote:
> > On Thu, Mar 23, 2017 at 02:36:20PM -0400, Olga Kornievskaia wrote:
> >> I'm getting this oops when client sends an operation the server doesn't support.
> >>
> >> in nfsd4_max_reply() it checks for NULL rsize_bop but non-supported
> >> operation wouldn't have that set.
> >>
> >> So maybe something like this for the fix:
> >
> > Ouch, thanks, did you notice whether this was a recent regression?
> >
> > I thought we had a pynfs test for this--I'll check.
> 
> Seems like regression though i don't know when. I tried against RHEL
> 3.10.0.-514 kernel and it doesn't oops when it receives CLONE,COPY ops
> (returns ILLEGAL and NOTSUPP respectively).

Sorry for the delay handling this.  I haven't tested, but it's almost
certainly a regression from 2282cd2c05e2 "NFSD: Get response size before
operation for all RPCs", which added that BUG().  Applying for 4.11 as
follows.

--b.

commit 05b7278d510a
Author: Olga Kornievskaia <aglo@xxxxxxxxx>
Date:   Thu Mar 23 14:36:20 2017 -0400

    nfsd: fix oops on unsupported operation
    
    I'm hitting the BUG in nfsd4_max_reply() at fs/nfsd/nfs4proc.c:2495 when
    client sends an operation the server doesn't support.
    
    in nfsd4_max_reply() it checks for NULL rsize_bop but a non-supported
    operation wouldn't have that set.
    
    Cc: Kinglong Mee <kinglongmee@xxxxxxxxx>
    Fixes: 2282cd2c05e2 "NFSD: Get response size before operation..."
    Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index cbeeda1e94a2..d86031b6ad79 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -2489,7 +2489,7 @@ bool nfsd4_spo_must_allow(struct svc_rqst *rqstp)
 
 int nfsd4_max_reply(struct svc_rqst *rqstp, struct nfsd4_op *op)
 {
-	if (op->opnum == OP_ILLEGAL)
+	if (op->opnum == OP_ILLEGAL || op->status == nfserr_notsupp)
 		return op_encode_hdr_size * sizeof(__be32);
 
 	BUG_ON(OPDESC(op)->op_rsize_bop == NULL);
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






