Just some minor changes in this version, plus a cleanup patch from Al.
These are bugs that Claude classified as locally-triggerable. A couple
can be triggered by an unprivileged user, but the rest require admin
access.
The last 3 patches fix one bug. I originally had a more targeted fix
that kres generated, but I think it's better to simplify the filecache
disposal mechanism to get rid of the bug rather than add more
complexity.
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
Changes in v2:
- rework filecache patch to only take net ref at disposal time
- fix ordering of operations in nfsd4_release_compoundargs()
- add Al's patch to simplify nfsd_cross_mnt() cleanup
- Link to v1: https://lore.kernel.org/r/20260601-nfsd-testing-v1-0-d0f61e536df8@kernel.org
---
Al Viro (1):
nfsd: unify cleanups in nfsd_cross_mnt() exits
Chris Mason (3):
nfsd: hold rcu across localio cmpxchg retry
nfs/localio: fix ref leak on nfs_uuid_add_file failure
nfsd: guard nfsd_serv deref in nfsd_file_net_dispose
Jeff Layton (5):
nfsd: defer vfree of compound ops to fix rpc_status UAF
nfsd: widen nfsd_genl_rqstp address fields to sockaddr_storage
nfsd: fix refcount leak in nfsd_file_lru_add on insertion failure
nfsd: fix fcache_disposal UAF by inlining dispose state into nfsd_net
nfsd: hold net namespace reference for delayed-dispose nfsd_files
fs/nfs_common/nfslocalio.c | 14 ++++-
fs/nfsd/filecache.c | 130 ++++++++++++++++++++-------------------------
fs/nfsd/filecache.h | 3 +-
fs/nfsd/localio.c | 12 +++--
fs/nfsd/netns.h | 3 +-
fs/nfsd/nfs4xdr.c | 4 +-
fs/nfsd/nfsctl.c | 12 ++---
fs/nfsd/vfs.c | 17 +++---
include/linux/nfslocalio.h | 9 +---
9 files changed, 101 insertions(+), 103 deletions(-)
---
base-commit: e7ca66ba17f1b5e4ecbb29b9c3c4a31aa062bed0
change-id: 20260601-nfsd-testing-e3509d5e035e
Best regards,
--
Jeff Layton <jlayton@kernel.org>