Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/fs/nfsd
History
Chuck Lever a4bafb833f NFSD: Limit the number of concurrent async COPY operations 
[ Upstream commit aadc3bbea163b6caaaebfdd2b6c4667fbc726752 ]

Nothing appears to limit the number of concurrent async COPY
operations that clients can start. In addition, AFAICT each async
COPY can copy an unlimited number of 4MB chunks, so can run for a
long time. Thus IMO async COPY can become a DoS vector.

Add a restriction mechanism that bounds the number of concurrent
background COPY operations. Start simple and try to be fair -- this
patch implements a per-namespace limit.

An async COPY request that occurs while this limit is exceeded gets
NFS4ERR_DELAY. The requesting client can choose to send the request
again after a delay or fall back to a traditional read/write style
copy.

If there is need to make the mechanism more sophisticated, we can
visit that in future patches.

Cc: stable@vger.kernel.org
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Link: https://nvd.nist.gov/vuln/detail/CVE-2024-49974
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-12-17 13:20:51 +01:00
..
acl.h NFSD: add posix ACLs to struct nfsd_attrs 2024-11-19 12:28:04 +01:00
auth.c
auth.h
blocklayout.c nfsd: move nfserrno() to vfs.c 2024-11-19 12:28:26 +01:00
blocklayoutxdr.c nfsd: move nfserrno() to vfs.c 2024-11-19 12:28:26 +01:00
blocklayoutxdr.h
cache.h Revert "nfsd: make all of the nfsd stats per-network namespace" 2024-11-24 00:23:43 +01:00
current_stateid.h
export.c Revert "NFSD: Fix frame size warning in svc_export_parse()" 2024-11-24 00:23:45 +01:00
export.h Revert "NFSD: Fix frame size warning in svc_export_parse()" 2024-11-24 00:23:45 +01:00
fault_inject.c
filecache.c Revert "nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire" 2024-11-24 00:23:21 +01:00
filecache.h NFSD: Convert filecache to rhltable 2024-11-19 12:28:32 +01:00
flexfilelayout.c nfsd: move nfserrno() to vfs.c 2024-11-19 12:28:26 +01:00
flexfilelayoutxdr.c
flexfilelayoutxdr.h
idmap.h
Kconfig nfsd: allow disabling NFSv2 at compile time 2024-11-19 12:28:26 +01:00
lockd.c Keep read and write fds with each nlm_file 2024-11-19 12:27:44 +01:00
Makefile nfsd: allow disabling NFSv2 at compile time 2024-11-19 12:28:26 +01:00
netns.h NFSD: Limit the number of concurrent async COPY operations 2024-12-17 13:20:51 +01:00
nfs2acl.c NFSD: Finish converting the NFSv2 GETACL result encoder 2024-11-19 12:28:26 +01:00
nfs3acl.c NFSD: Finish converting the NFSv3 GETACL result encoder 2024-11-19 12:28:26 +01:00
nfs3proc.c NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection 2024-11-19 12:28:26 +01:00
nfs3xdr.c NFSD: Clean up WRITE arg decoders 2024-11-19 12:28:23 +01:00
nfs4acl.c NFSD: add posix ACLs to struct nfsd_attrs 2024-11-19 12:28:04 +01:00
nfs4callback.c NFSD: add support for sending CB_RECALL_ANY 2024-11-19 12:28:29 +01:00
nfs4idmap.c Revert "nfsd: call cache_put if xdr_reserve_space returns NULL" 2024-11-24 00:23:20 +01:00
nfs4layouts.c NFSD: Add tracepoints to report NFSv4 callback completions 2024-11-19 12:28:22 +01:00
nfs4proc.c NFSD: Limit the number of concurrent async COPY operations 2024-12-17 13:20:51 +01:00
nfs4recover.c Revert "nfsd: return -EINVAL when namelen is 0" 2024-11-24 00:23:20 +01:00
nfs4state.c NFSD: Limit the number of concurrent async COPY operations 2024-12-17 13:20:51 +01:00
nfs4xdr.c Revert "NFSD: Fix NFSv4's PUTPUBFH operation" 2024-11-24 00:23:02 +01:00
nfscache.c Revert "NFSD: Refactor nfsd_reply_cache_free_locked()" 2024-11-24 00:23:45 +01:00
nfsctl.c Revert "nfsd: expose /proc/net/sunrpc/nfsd in net namespaces" 2024-11-24 00:23:44 +01:00
nfsd.h Revert "nfsd: remove nfsd_stats, make th_cnt a global counter" 2024-11-24 00:23:43 +01:00
nfsfh.c Revert "nfsd: make all of the nfsd stats per-network namespace" 2024-11-24 00:23:43 +01:00
nfsfh.h NFSD: Use const pointers as parameters to fh_ helpers 2024-11-19 12:28:27 +01:00
nfsproc.c NFSD: Use set_bit(RQ_DROPME) 2024-11-19 12:28:29 +01:00
nfssvc.c Revert "NFSD: simplify error paths in nfsd_svc()" 2024-11-24 00:23:45 +01:00
nfsxdr.c NFSD: Clean up WRITE arg decoders 2024-11-19 12:28:23 +01:00
pnfs.h
state.h NFSD: add delegation reaper to react to low memory condition 2024-11-19 12:28:29 +01:00
stats.c Revert "NFSD: Rewrite synopsis of nfsd_percpu_counters_init()" 2024-11-24 00:23:45 +01:00
stats.h Revert "NFSD: Rewrite synopsis of nfsd_percpu_counters_init()" 2024-11-24 00:23:45 +01:00
trace.c NFSD: Add SPDX header for fs/nfsd/trace.c 2024-11-19 12:27:20 +01:00
trace.h Revert "NFSD: Replace nfsd_prune_bucket()" 2024-11-24 00:23:45 +01:00
vfs.c Revert "nfsd: make all of the nfsd stats per-network namespace" 2024-11-24 00:23:43 +01:00
vfs.h NFSD: Pass the target nfsd_file to nfsd_commit() 2024-11-19 12:28:26 +01:00
xdr.h SUNRPC: Change return value type of .pc_encode 2024-11-19 12:27:48 +01:00
xdr3.h SUNRPC: Change return value type of .pc_encode 2024-11-19 12:27:48 +01:00
xdr4.h NFSD: Limit the number of concurrent async COPY operations 2024-12-17 13:20:51 +01:00
xdr4cb.h NFSD: add support for sending CB_RECALL_ANY 2024-11-19 12:28:29 +01:00