diff options
author | Rick Macklem <rmacklem@FreeBSD.org> | 2022-02-09 23:17:50 +0000 |
---|---|---|
committer | Rick Macklem <rmacklem@FreeBSD.org> | 2022-02-09 23:17:50 +0000 |
commit | 17a56f3fabdfacb62f6d8858643cdb1861c8c1b5 (patch) | |
tree | acfe4ee72bda76f5c7fa0bb8bd8a83faae12eeca | |
parent | 3090d5045a1e5663f151ef3f50f3c7db8f9a9e3c (diff) | |
download | src-17a56f3fabdfacb62f6d8858643cdb1861c8c1b5.tar.gz src-17a56f3fabdfacb62f6d8858643cdb1861c8c1b5.zip |
nfsd: Reply NFSERR_SEQMISORDERED for bogus seqid argument
The ESXi NFSv4.1 client bogusly sends the wrong value
for the csa_sequence argument for a Create_session operation.
RFC8881 requires this value to be the same as the sequence
reply from the ExchangeID operation most recently done for
the client ID.
Without this patch, the server replies NFSERR_STALECLIENTID,
which is the correct response for an NFSv4.0 SetClientIDConfirm
but is not the correct error for NFSv4.1/4.2, which is
specified as NFSERR_SEQMISORDERED in RFC8881.
This patch fixes this.
This change does not fix the issue reported in the PR, where
the ESXi client loops, attempting ExchangeID/Create_session
repeatedly.
Reported by: asomers
Tested by: asomers
PR: 261291
MFC after: 1 week
-rw-r--r-- | sys/fs/nfsserver/nfs_nfsdstate.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index e7256345f11f..7207be315db8 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c @@ -676,10 +676,11 @@ nfsrv_getclient(nfsquad_t clientid, int opflags, struct nfsclient **clpp, * Perform any operations specified by the opflags. */ if (opflags & CLOPS_CONFIRM) { - if (((nd->nd_flag & ND_NFSV41) != 0 && - clp->lc_confirm.lval[0] != confirm.lval[0]) || - ((nd->nd_flag & ND_NFSV41) == 0 && - clp->lc_confirm.qval != confirm.qval)) + if ((nd->nd_flag & ND_NFSV41) != 0 && + clp->lc_confirm.lval[0] != confirm.lval[0]) + error = NFSERR_SEQMISORDERED; + else if ((nd->nd_flag & ND_NFSV41) == 0 && + clp->lc_confirm.qval != confirm.qval) error = NFSERR_STALECLIENTID; else if (nfsrv_notsamecredname(nd, clp)) error = NFSERR_CLIDINUSE; |