[Linux-stable-mirror] Patch "nfsd: check for use of the closed special stateid" has been added to the 4.9-stable tree - Linux-stable-mirror

1 Feb 2018

This is a note to let you know that I've just added the patch titled
nfsd: check for use of the closed special stateid
to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is:
     nfsd-check-for-use-of-the-closed-special-stateid.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let stable@vger.kernel.org know about it.
...
From foo@baz Thu Feb  1 14:00:34 CET 2018
From: Andrew Elble aweits@rit.edu
Date: Thu, 9 Nov 2017 13:41:10 -0500
Subject: nfsd: check for use of the closed special stateid
From: Andrew Elble aweits@rit.edu
[ Upstream commit ae254dac721d44c0bfebe2795df87459e2e88219 ]
Prevent the use of the closed (invalid) special stateid by clients.
Signed-off-by: Andrew Elble aweits@rit.edu
Signed-off-by: J. Bruce Fields bfields@redhat.com
Signed-off-by: Sasha Levin alexander.levin@microsoft.com
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
---
 fs/nfsd/nfs4state.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -72,6 +72,7 @@ static u64 current_sessionid = 1;
 #define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
 #define ONE_STATEID(stateid)  (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
 #define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
+#define CLOSE_STATEID(stateid)  (!memcmp((stateid), &close_stateid, sizeof(stateid_t)))
/* forward declarations */
 static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner);
@@ -4869,7 +4870,8 @@ static __be32 nfsd4_validate_stateid(str
    struct nfs4_stid *s;
    __be32 status = nfserr_bad_stateid;
-	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
+	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
+		CLOSE_STATEID(stateid))
    	return status;
    /* Client debugging aid. */
    if (!same_clid(&stateid->si_opaque.so_clid, &cl->cl_clientid)) {
@@ -4927,7 +4929,8 @@ nfsd4_lookup_stateid(struct nfsd4_compou
    else if (typemask & NFS4_DELEG_STID)
    	typemask |= NFS4_REVOKED_DELEG_STID;
-	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
+	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
+		CLOSE_STATEID(stateid))
    	return nfserr_bad_stateid;
    status = lookup_clientid(&stateid->si_opaque.so_clid, cstate, nn);
    if (status == nfserr_stale_clientid) {
Patches currently in stable-queue which might be from aweits@rit.edu are
queue-4.9/nfsd-check-for-use-of-the-closed-special-stateid.patch

    