diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2025-10-02 10:00:51 -0400 |
|---|---|---|
| committer | Chuck Lever <chuck.lever@oracle.com> | 2025-10-21 11:03:50 -0400 |
| commit | 3e7f011c255582d7c914133785bbba1990441713 (patch) | |
| tree | cc5883406a03e3a2abef80d687e3ff73f597127a /scripts/sphinx-pre-install.py | |
| parent | 29cdfb4950702bb849f70f7e3b58b4eeb5c1441c (diff) | |
Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND"
I've found that pynfs COMP6 now leaves the connection or lease in a
strange state, which causes CLOSE9 to hang indefinitely. I've dug
into it a little, but I haven't been able to root-cause it yet.
However, I bisected to commit 48aab1606fa8 ("NFSD: Remove the cap on
number of operations per NFSv4 COMPOUND").
Tianshuo Han also reports a potential vulnerability when decoding
an NFSv4 COMPOUND. An attacker can place an arbitrarily large op
count in the COMPOUND header, which results in:
[ 51.410584] nfsd: vmalloc error: size 1209533382144, exceeds total
pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO),
nodemask=(null),cpuset=/,mems_allowed=0
when NFSD attempts to allocate the COMPOUND op array.
Let's restore the operation-per-COMPOUND limit, but increased to 200
for now.
Reported-by: tianshuo han <hantianshuo233@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Cc: stable@vger.kernel.org
Tested-by: Tianshuo Han <hantianshuo233@gmail.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'scripts/sphinx-pre-install.py')
0 files changed, 0 insertions, 0 deletions