nfs: fix false positives in nfs40_walk_client_list()

It's possible that two different servers can return the same (clientid,
verifier) pair purely by coincidence.  Both are 64-bit values, but
depending on the server implementation, they can be highly predictable
and collisions may be quite likely, especially when there are lots of
servers.

So, check for this case.  If the clientid and verifier both match, then
we actually know they *can't* be the same server, since a new
SETCLIENTID to an already-known server should have changed the verifier.

This helps fix a bug that could cause the client to mount a filesystem
from the wrong server.

Reviewed-by: Jeff Layton <jlayton@redhat.com>
Tested-by: Yongcheng Yang <yoyang@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>

diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
index 074ac7131459ebc378ef3a1cf50244ff758f2a88..9301040b553dcc2f7eb41da3ce14d068e23bb639 100644 (file)
--- a/fs/nfs/nfs4client.c
+++ b/fs/nfs/nfs4client.c
@@ -464,6 +464,11 @@ static bool nfs4_match_client_owner_id(const struct nfs_client *clp1,
        return strcmp(clp1->cl_owner_id, clp2->cl_owner_id) == 0;
 }
 
+static bool nfs4_same_verifier(nfs4_verifier *v1, nfs4_verifier *v2)
+{
+       return memcmp(v1->data, v2->data, sizeof(v1->data)) == 0;
+}
+
 /**
  * nfs40_walk_client_list - Find server that recognizes a client ID
  *
@@ -521,7 +526,21 @@ int nfs40_walk_client_list(struct nfs_client *new,
 
                if (!nfs4_match_client_owner_id(pos, new))
                        continue;
-
+               /*
+                * We just sent a new SETCLIENTID, which should have
+                * caused the server to return a new cl_confirm.  So if
+                * cl_confirm is the same, then this is a different
+                * server that just returned the same cl_confirm by
+                * coincidence:
+                */
+               if ((new != pos) && nfs4_same_verifier(&pos->cl_confirm,
+                                                      &new->cl_confirm))
+                       continue;
+               /*
+                * But if the cl_confirm's are different, then the only
+                * way that a SETCLIENTID_CONFIRM to pos can succeed is
+                * if new and pos point to the same server:
+                */
                atomic_inc(&pos->cl_count);
                spin_unlock(&nn->nfs_client_lock);
 
@@ -534,6 +553,7 @@ int nfs40_walk_client_list(struct nfs_client *new,
                        break;
                case 0:
                        nfs4_swap_callback_idents(pos, new);
+                       pos->cl_confirm = new->cl_confirm;
 
                        prev = NULL;
                        *result = pos;