CVS commit: [netbsd-9] src/sys/nfs
Module Name:src Committed By: martin Date: Mon Dec 11 12:34:43 UTC 2023 Modified Files: src/sys/nfs [netbsd-9]: nfs_vnops.c Log Message: Pull up following revision(s) (requested by schmonz in ticket #1778): sys/nfs/nfs_vnops.c: revision 1.325 NFS client: fix interop with macOS 14 servers. Symptom: a bunch of "Cannot open `.' (Invalid argument)". thorpej@ analysis and fix: on the first request to read a given directory, make sure READDIR and READDIRPLUS cookie verifiers are being set to 0. This is in RFC1813 and macOS must have gotten stricter about it. Verified on 10.0_RC1/aarch64 to fix the reproducers in PR kern/57691 as well as the original use case in which I met the bug: pkg_rr once again runs to completion. To generate a diff of this commit: cvs rdiff -u -r1.311 -r1.311.4.1 src/sys/nfs/nfs_vnops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/nfs/nfs_vnops.c diff -u src/sys/nfs/nfs_vnops.c:1.311 src/sys/nfs/nfs_vnops.c:1.311.4.1 --- src/sys/nfs/nfs_vnops.c:1.311 Mon Sep 3 16:29:36 2018 +++ src/sys/nfs/nfs_vnops.c Mon Dec 11 12:34:43 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: nfs_vnops.c,v 1.311 2018/09/03 16:29:36 riastradh Exp $ */ +/* $NetBSD: nfs_vnops.c,v 1.311.4.1 2023/12/11 12:34:43 martin Exp $ */ /* * Copyright (c) 1989, 1993 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nfs_vnops.c,v 1.311 2018/09/03 16:29:36 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nfs_vnops.c,v 1.311.4.1 2023/12/11 12:34:43 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_nfs.h" @@ -2466,8 +2466,13 @@ nfs_readdirrpc(struct vnode *vp, struct txdr_cookie3(uiop->uio_offset, tl); } tl += 2; - *tl++ = dnp->n_cookieverf.nfsuquad[0]; - *tl++ = dnp->n_cookieverf.nfsuquad[1]; + if (uiop->uio_offset == 0) { +*tl++ = 0; +*tl++ = 0; + } else { +*tl++ = dnp->n_cookieverf.nfsuquad[0]; +*tl++ = dnp->n_cookieverf.nfsuquad[1]; + } } else #endif { @@ -2676,8 +2681,13 @@ nfs_readdirplusrpc(struct vnode *vp, str txdr_cookie3(uiop->uio_offset, tl); } tl += 2; - *tl++ = dnp->n_cookieverf.nfsuquad[0]; - *tl++ = dnp->n_cookieverf.nfsuquad[1]; + if (uiop->uio_offset == 0) { + *tl++ = 0; + *tl++ = 0; + } else { + *tl++ = dnp->n_cookieverf.nfsuquad[0]; + *tl++ = dnp->n_cookieverf.nfsuquad[1]; + } *tl++ = txdr_unsigned(nmp->nm_readdirsize); *tl = txdr_unsigned(nmp->nm_rsize); nfsm_request(dnp, NFSPROC_READDIRPLUS, curlwp, cred);
CVS commit: [netbsd-9] src/sys/nfs
Module Name:src Committed By: martin Date: Mon Dec 11 12:34:43 UTC 2023 Modified Files: src/sys/nfs [netbsd-9]: nfs_vnops.c Log Message: Pull up following revision(s) (requested by schmonz in ticket #1778): sys/nfs/nfs_vnops.c: revision 1.325 NFS client: fix interop with macOS 14 servers. Symptom: a bunch of "Cannot open `.' (Invalid argument)". thorpej@ analysis and fix: on the first request to read a given directory, make sure READDIR and READDIRPLUS cookie verifiers are being set to 0. This is in RFC1813 and macOS must have gotten stricter about it. Verified on 10.0_RC1/aarch64 to fix the reproducers in PR kern/57691 as well as the original use case in which I met the bug: pkg_rr once again runs to completion. To generate a diff of this commit: cvs rdiff -u -r1.311 -r1.311.4.1 src/sys/nfs/nfs_vnops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/nfs
Module Name:src Committed By: martin Date: Thu Mar 30 11:59:24 UTC 2023 Modified Files: src/sys/nfs [netbsd-9]: nfs_serv.c nfs_srvsubs.c nfsm_subs.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1617): sys/nfs/nfs_serv.c: revision 1.184 sys/nfs/nfs_srvsubs.c: revision 1.17 sys/nfs/nfsm_subs.h: revision 1.56 sys/nfs/nfsm_subs.h: revision 1.57 nfs: Use unsigned fhlen so we don't trip over negative values. nfs: Avoid integer overflow in nfs_namei bounds check. nfs: Use unsigned name lengths so we don't trip over negative ones. - nfsm_strsiz is only used with uint32_t in callers, but let's not leave it as a rake to step on. - nfsm_srvnamesiz is abused with signed s. The internal conversion to unsigned serves to reject both negative and too-large values in such callers. XXX Should make all callers use unsigned, rather than flipping back and forth between signed and unsigned for name lengths. nfs: Avoid free of uninitialized on bad name size in create, mknod. XXX These error branches are a nightmare and need to be more systematically cleaned up. Even if they are correct now, they are impossible to audit and extremely fragile in case anyone ever needs to make other changes to them. To generate a diff of this commit: cvs rdiff -u -r1.177 -r1.177.4.1 src/sys/nfs/nfs_serv.c cvs rdiff -u -r1.14 -r1.14.42.1 src/sys/nfs/nfs_srvsubs.c cvs rdiff -u -r1.53 -r1.53.34.1 src/sys/nfs/nfsm_subs.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/nfs/nfs_serv.c diff -u src/sys/nfs/nfs_serv.c:1.177 src/sys/nfs/nfs_serv.c:1.177.4.1 --- src/sys/nfs/nfs_serv.c:1.177 Wed Feb 20 10:05:20 2019 +++ src/sys/nfs/nfs_serv.c Thu Mar 30 11:59:24 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: nfs_serv.c,v 1.177 2019/02/20 10:05:20 hannken Exp $ */ +/* $NetBSD: nfs_serv.c,v 1.177.4.1 2023/03/30 11:59:24 martin Exp $ */ /* * Copyright (c) 1989, 1993 @@ -55,7 +55,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nfs_serv.c,v 1.177 2019/02/20 10:05:20 hannken Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nfs_serv.c,v 1.177.4.1 2023/03/30 11:59:24 martin Exp $"); #include #include @@ -1643,10 +1643,10 @@ nfsmout: vput(nd.ni_dvp); if (nd.ni_vp) vput(nd.ni_vp); - } - if (nd.ni_pathbuf != NULL) { - pathbuf_destroy(nd.ni_pathbuf); - nd.ni_pathbuf = NULL; + if (nd.ni_pathbuf != NULL) { + pathbuf_destroy(nd.ni_pathbuf); + nd.ni_pathbuf = NULL; + } } return (error); } @@ -1797,10 +1797,10 @@ nfsmout: vput(nd.ni_dvp); if (nd.ni_vp) vput(nd.ni_vp); - } - if (nd.ni_pathbuf != NULL) { - pathbuf_destroy(nd.ni_pathbuf); - nd.ni_pathbuf = NULL; + if (nd.ni_pathbuf != NULL) { + pathbuf_destroy(nd.ni_pathbuf); + nd.ni_pathbuf = NULL; + } } if (dirp) vrele(dirp); Index: src/sys/nfs/nfs_srvsubs.c diff -u src/sys/nfs/nfs_srvsubs.c:1.14 src/sys/nfs/nfs_srvsubs.c:1.14.42.1 --- src/sys/nfs/nfs_srvsubs.c:1.14 Mon Nov 5 19:06:27 2012 +++ src/sys/nfs/nfs_srvsubs.c Thu Mar 30 11:59:24 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: nfs_srvsubs.c,v 1.14 2012/11/05 19:06:27 dholland Exp $ */ +/* $NetBSD: nfs_srvsubs.c,v 1.14.42.1 2023/03/30 11:59:24 martin Exp $ */ /* * Copyright (c) 1989, 1993 @@ -70,7 +70,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nfs_srvsubs.c,v 1.14 2012/11/05 19:06:27 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nfs_srvsubs.c,v 1.14.42.1 2023/03/30 11:59:24 martin Exp $"); #include #include @@ -129,7 +129,7 @@ nfs_namei(struct nameidata *ndp, nfsrvfh *retdirp = NULL; ndp->ni_pathbuf = NULL; - if ((len + 1) > NFS_MAXPATHLEN) + if (len > NFS_MAXPATHLEN - 1) return (ENAMETOOLONG); if (len == 0) return (EACCES); Index: src/sys/nfs/nfsm_subs.h diff -u src/sys/nfs/nfsm_subs.h:1.53 src/sys/nfs/nfsm_subs.h:1.53.34.1 --- src/sys/nfs/nfsm_subs.h:1.53 Sat Sep 14 22:29:08 2013 +++ src/sys/nfs/nfsm_subs.h Thu Mar 30 11:59:24 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: nfsm_subs.h,v 1.53 2013/09/14 22:29:08 martin Exp $ */ +/* $NetBSD: nfsm_subs.h,v 1.53.34.1 2023/03/30 11:59:24 martin Exp $ */ /* * Copyright (c) 1989, 1993 @@ -358,7 +358,7 @@ #define nfsm_strsiz(s,m) \ { nfsm_dissect(tl,uint32_t *,NFSX_UNSIGNED); \ - if (((s) = fxdr_unsigned(uint32_t,*tl)) > (m)) { \ + if ((uint32_t)((s) = fxdr_unsigned(uint32_t,*tl)) > (m)) { \ m_freem(mrep); \ error = EBADRPC; \ goto nfsmout; \ @@ -366,7 +366,8 @@ #define nfsm_srvnamesiz(s) \ { nfsm_dissect(tl,uint32_t *,NFSX_UNSIGNED); \ - if (((s) = fxdr_unsigned(uint32_t,*tl)) > NFS_MAXNAMLEN) \ + if ((uint32_t)((s) = fxdr_unsigned(uint32_t,*tl)) > \ + NFS_MAXNAMLEN) \ error = NFSERR_NAMETOL; \ if (error) \ nfsm_reply(0); \ @@ -472,20 +473,24 @@ } } #define nfsm_srvmtofh(nsfh) \ - { int fhlen = NFSX_V3FH; \ + { uint32_t fhlen = NFSX_V3FH; \ if (nfsd->nd_flag & ND_NFSV3) { \ - nfsm_dissect(tl, u_int32_t *,
CVS commit: [netbsd-9] src/sys/nfs
Module Name:src Committed By: martin Date: Thu Mar 30 11:59:24 UTC 2023 Modified Files: src/sys/nfs [netbsd-9]: nfs_serv.c nfs_srvsubs.c nfsm_subs.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1617): sys/nfs/nfs_serv.c: revision 1.184 sys/nfs/nfs_srvsubs.c: revision 1.17 sys/nfs/nfsm_subs.h: revision 1.56 sys/nfs/nfsm_subs.h: revision 1.57 nfs: Use unsigned fhlen so we don't trip over negative values. nfs: Avoid integer overflow in nfs_namei bounds check. nfs: Use unsigned name lengths so we don't trip over negative ones. - nfsm_strsiz is only used with uint32_t in callers, but let's not leave it as a rake to step on. - nfsm_srvnamesiz is abused with signed s. The internal conversion to unsigned serves to reject both negative and too-large values in such callers. XXX Should make all callers use unsigned, rather than flipping back and forth between signed and unsigned for name lengths. nfs: Avoid free of uninitialized on bad name size in create, mknod. XXX These error branches are a nightmare and need to be more systematically cleaned up. Even if they are correct now, they are impossible to audit and extremely fragile in case anyone ever needs to make other changes to them. To generate a diff of this commit: cvs rdiff -u -r1.177 -r1.177.4.1 src/sys/nfs/nfs_serv.c cvs rdiff -u -r1.14 -r1.14.42.1 src/sys/nfs/nfs_srvsubs.c cvs rdiff -u -r1.53 -r1.53.34.1 src/sys/nfs/nfsm_subs.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/nfs
Module Name:src Committed By: martin Date: Tue Dec 20 09:56:28 UTC 2022 Modified Files: src/sys/nfs [netbsd-9]: nfs_srvsocket.c Log Message: Pull up following revision(s) (requested by hannken in ticket #1555): sys/nfs/nfs_srvsocket.c: revision 1.5 When partitioning a mbuf chain with m_split() the last mbuf of the returned tail chain is not necessarily the same as the last mbuf of the initial chain. Always set "slp->ns_rawend" to the last mbuf of the tail chain to prevent mbuf leaks and corruption. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.4.68.1 src/sys/nfs/nfs_srvsocket.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/nfs/nfs_srvsocket.c diff -u src/sys/nfs/nfs_srvsocket.c:1.4 src/sys/nfs/nfs_srvsocket.c:1.4.68.1 --- src/sys/nfs/nfs_srvsocket.c:1.4 Thu Sep 3 20:59:12 2009 +++ src/sys/nfs/nfs_srvsocket.c Tue Dec 20 09:56:28 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: nfs_srvsocket.c,v 1.4 2009/09/03 20:59:12 tls Exp $ */ +/* $NetBSD: nfs_srvsocket.c,v 1.4.68.1 2022/12/20 09:56:28 martin Exp $ */ /* * Copyright (c) 1989, 1991, 1993, 1995 @@ -39,7 +39,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nfs_srvsocket.c,v 1.4 2009/09/03 20:59:12 tls Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nfs_srvsocket.c,v 1.4.68.1 2022/12/20 09:56:28 martin Exp $"); #include #include @@ -323,8 +323,9 @@ nfsrv_getstream(struct nfssvc_sock *slp, } m_claimm(recm, _mowner); slp->ns_raw = m; - if (m->m_next == NULL) -slp->ns_rawend = m; + while (m->m_next) +m = m->m_next; + slp->ns_rawend = m; slp->ns_cc -= slp->ns_reclen; slp->ns_reclen = 0; } else {
CVS commit: [netbsd-9] src/sys/nfs
Module Name:src Committed By: martin Date: Tue Dec 20 09:56:28 UTC 2022 Modified Files: src/sys/nfs [netbsd-9]: nfs_srvsocket.c Log Message: Pull up following revision(s) (requested by hannken in ticket #1555): sys/nfs/nfs_srvsocket.c: revision 1.5 When partitioning a mbuf chain with m_split() the last mbuf of the returned tail chain is not necessarily the same as the last mbuf of the initial chain. Always set "slp->ns_rawend" to the last mbuf of the tail chain to prevent mbuf leaks and corruption. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.4.68.1 src/sys/nfs/nfs_srvsocket.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/nfs
Module Name:src Committed By: martin Date: Wed May 4 17:51:20 UTC 2022 Modified Files: src/sys/nfs [netbsd-9]: nfs_vfsops.c Log Message: Pull up following revision(s) (requested by gavan in ticket #1441): sys/nfs/nfs_vfsops.c: revision 1.243 Don't pretend that files are limited to 1TB on NFSv3. To generate a diff of this commit: cvs rdiff -u -r1.237 -r1.237.4.1 src/sys/nfs/nfs_vfsops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/nfs
Module Name:src Committed By: martin Date: Wed May 4 17:51:20 UTC 2022 Modified Files: src/sys/nfs [netbsd-9]: nfs_vfsops.c Log Message: Pull up following revision(s) (requested by gavan in ticket #1441): sys/nfs/nfs_vfsops.c: revision 1.243 Don't pretend that files are limited to 1TB on NFSv3. To generate a diff of this commit: cvs rdiff -u -r1.237 -r1.237.4.1 src/sys/nfs/nfs_vfsops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/nfs/nfs_vfsops.c diff -u src/sys/nfs/nfs_vfsops.c:1.237 src/sys/nfs/nfs_vfsops.c:1.237.4.1 --- src/sys/nfs/nfs_vfsops.c:1.237 Mon Sep 3 16:29:36 2018 +++ src/sys/nfs/nfs_vfsops.c Wed May 4 17:51:20 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: nfs_vfsops.c,v 1.237 2018/09/03 16:29:36 riastradh Exp $ */ +/* $NetBSD: nfs_vfsops.c,v 1.237.4.1 2022/05/04 17:51:20 martin Exp $ */ /* * Copyright (c) 1989, 1993, 1995 @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nfs_vfsops.c,v 1.237 2018/09/03 16:29:36 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nfs_vfsops.c,v 1.237.4.1 2022/05/04 17:51:20 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_nfs.h" @@ -307,8 +307,7 @@ nfs_fsinfo(struct nfsmount *nmp, struct if (nmp->nm_readdirsize == 0) nmp->nm_readdirsize = xmax; } - /* XXX */ - nmp->nm_maxfilesize = (u_int64_t)0x8000 * DEV_BSIZE - 1; + nmp->nm_maxfilesize = 0xull; maxfsize = fxdr_hyper(>fs_maxfilesize); if (maxfsize > 0 && maxfsize < nmp->nm_maxfilesize) nmp->nm_maxfilesize = maxfsize;