nfs: Fix argument typo to avoid a crash

A typo resulted in the wrong argument for a bytewise
comparison that could result in a crash if
the incorrect argument was not a valid pointer.

This patch fixes the argument.

While investigating this, I noticed that the
correct argument was not being filled in as
required, so this patch fixes that, as well.

Somehow, recovery from a NFSv4.1/4.2 server
crash worked during testing, so this was not
detected.  The bug/patch only affects NFS
client mounts using NFSv4.1/4.2.

PR:	294925
Reported by:	Jov <amutu@amutu.com>
MFC after:	3 days
This commit is contained in:
Rick Macklem
2026-05-25 12:22:32 -07:00
parent be9f353964
commit 4d80d4913e
2 changed files with 6 additions and 2 deletions
+3 -2
View File
@@ -1265,8 +1265,9 @@ newnfs_request(struct nfsrv_descript *nd, struct nfsmount *nmp,
goto out;
}
sep = NFSMNT_MDSSESSION(nmp);
if (bcmp(sep->nfsess_sessionid, nd->nd_sequence,
NFSX_V4SESSIONID) == 0) {
if (bcmp(sep->nfsess_sessionid,
nd->nd_sessionid, NFSX_V4SESSIONID) == 0 &&
sep->nfsess_defunct == 0) {
printf("Initiate recovery. If server "
"has not rebooted, "
"check NFS clients for unique "
+3
View File
@@ -368,6 +368,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, struct nfsmount *nmp,
* First, fill in some of the fields of nd.
*/
nd->nd_slotseq = NULL;
NFSBZERO(nd->nd_sessionid, NFSX_V4SESSIONID);
if (vers == NFS_VER4) {
nd->nd_flag = ND_NFSV4 | ND_NFSCL;
if (minorvers == NFSV41_MINORVERSION)
@@ -5348,6 +5349,7 @@ nfsv4_setsequence(struct nfsmount *nmp, struct nfsrv_descript *nd,
NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID + 4 * NFSX_UNSIGNED);
nd->nd_sequence = tl;
bcopy(sessionid, tl, NFSX_V4SESSIONID);
bcopy(sessionid, nd->nd_sessionid, NFSX_V4SESSIONID);
tl += NFSX_V4SESSIONID / NFSX_UNSIGNED;
nd->nd_slotseq = tl;
if (error == 0) {
@@ -5593,6 +5595,7 @@ nfsrpc_destroysession(struct nfsmount *nmp, struct nfsclsession *tsep,
0, NULL);
NFSM_BUILD(tl, uint32_t *, NFSX_V4SESSIONID);
bcopy(tsep->nfsess_sessionid, tl, NFSX_V4SESSIONID);
bcopy(tsep->nfsess_sessionid, nd->nd_sessionid, NFSX_V4SESSIONID);
nd->nd_flag |= ND_USEGSSNAME;
error = newnfs_request(nd, nmp, NULL, &nmp->nm_sockreq, NULL, p, cred,
NFS_PROG, NFS_VER4, NULL, 1, NULL, NULL);