msnfs41client: Patch for ro-fs-return codes, clean pointes are RxFreePooled(), daemon with high prio etc., 2023-11-22
Posted by Anonymous on Wed 22nd Nov 2023 17:13
raw | new post

From 1e1475d1a8cd14cabee68f38c990118390d43866 Mon Sep 17 00:00:00 2001
From: Roland Mainz <roland.mainz@nrubsig.org>
Date: Tue, 21 Nov 2023 23:36:19 +0100
Subject: [PATCH 1/4] sys/nfs41_driver: Return STATUS_MEDIA_WRITE_PROTECTED for
 "ro" mounts

Return STATUS_MEDIA_WRITE_PROTECTED for read-only mounts (instead of
STATUS_ACCESS_DENIED), as other filesystems do and the Microsoft specs
mandate.

Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com>
---
 sys/nfs41_driver.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/sys/nfs41_driver.c b/sys/nfs41_driver.c
index 0a04a6e..4e6b483 100644
--- a/sys/nfs41_driver.c
+++ b/sys/nfs41_driver.c
@@ -3549,7 +3549,7 @@ NTSTATUS check_nfs41_create_args(

     if (pVNetRootContext->read_only &&
             (params->DesiredAccess & (FILE_WRITE_DATA | FILE_APPEND_DATA))) {
-        status = STATUS_NETWORK_ACCESS_DENIED;
+        status = STATUS_MEDIA_WRITE_PROTECTED;
         goto out;
     }

@@ -4649,7 +4649,7 @@ NTSTATUS check_nfs41_setea_args(
     }
     if (pVNetRootContext->read_only) {
         print_error("check_nfs41_setattr_args: Read-only mount\n");
-        status = STATUS_ACCESS_DENIED;
+        status = STATUS_MEDIA_WRITE_PROTECTED;
         goto out;
     }
 out:
@@ -5174,7 +5174,7 @@ NTSTATUS check_nfs41_setacl_args(

     if (pVNetRootContext->read_only) {
         print_error("check_nfs41_setacl_args: Read-only mount\n");
-        status = STATUS_ACCESS_DENIED;
+        status = STATUS_MEDIA_WRITE_PROTECTED;
         goto out;
     }
     /* we don't support sacls */
@@ -5488,7 +5488,7 @@ NTSTATUS check_nfs41_setattr_args(

     if (pVNetRootContext->read_only) {
         print_error("check_nfs41_setattr_args: Read-only mount\n");
-        status = STATUS_ACCESS_DENIED;
+        status = STATUS_MEDIA_WRITE_PROTECTED;
         goto out;
     }

@@ -5984,7 +5984,7 @@ NTSTATUS check_nfs41_write_args(

     if (pVNetRootContext->read_only) {
         print_error("check_nfs41_write_args: Read-only mount\n");
-        status = STATUS_ACCESS_DENIED;
+        status = STATUS_MEDIA_WRITE_PROTECTED;
         goto out;
     }
 out:
--
2.42.1

From 473516870d1a6a9a977713918eaa20d5f143df6a Mon Sep 17 00:00:00 2001
From: Roland Mainz <roland.mainz@nrubsig.org>
Date: Wed, 22 Nov 2023 00:19:29 +0100
Subject: [PATCH 2/4] sys/nfs41_driver: Set ptrs to NULL after passing them to
 |RxFreePool()|

Set pointers passed to |RxFreePool()| to NULL afterwards, e.g.
replace |RxFreePool(ptr);| by |RxFreePool(ptr); ptr = NULL;|.
This fixes some potential use-after-free risks.

Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com>
---
 sys/nfs41_driver.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sys/nfs41_driver.c b/sys/nfs41_driver.c
index 4e6b483..d9ae5a1 100644
--- a/sys/nfs41_driver.c
+++ b/sys/nfs41_driver.c
@@ -1452,6 +1452,7 @@ NTSTATUS nfs41_UpcallCreate(
                 "SeCreateClientSecurityFromSubjectContext failed with %x\n",
                 status);
             RxFreePool(entry);
+           entry = NULL;
         } else
             entry->psec_ctx = &entry->sec_ctx;
         SeReleaseSubjectContext(&sec_ctx);
@@ -3303,6 +3304,7 @@ NTSTATUS nfs41_FinalizeNetRoot(
         }
         nfs41_RemoveEntry(pNetRootContext->mountLock, mount_tmp);
         RxFreePool(mount_tmp);
+        mount_tmp = NULL;
     } while (1);
     /* ignore any errors from unmount */
     status = STATUS_SUCCESS;
@@ -3758,6 +3760,7 @@ retry_on_link:
         RtlCopyMemory(buf, entry->u.Open.symlink.Buffer,
             entry->u.Open.symlink.Length);
         RxFreePool(entry->u.Open.symlink.Buffer);
+        entry->u.Open.symlink.Buffer = NULL;
         buf += entry->u.Open.symlink.Length;
         *(PWCHAR)buf = UNICODE_NULL;

@@ -4152,8 +4155,10 @@ NTSTATUS nfs41_DeallocateForFobx(
     IN OUT PMRX_FOBX pFobx)
 {
     __notnull PNFS41_FOBX nfs41_fobx = NFS41GetFobxExtension(pFobx);
-    if (nfs41_fobx->acl)
+    if (nfs41_fobx->acl) {
         RxFreePool(nfs41_fobx->acl);
+        nfs41_fobx->acl = NULL;
+    }
     return STATUS_SUCCESS;
 }

@@ -5135,6 +5140,7 @@ NTSTATUS nfs41_QuerySecurityInformation(
         InterlockedAdd64(&getacl.size, entry->u.Acl.buf_len);
 #endif
         RxFreePool(entry->buf);
+        entry->buf = NULL;
         nfs41_fobx->acl = NULL;
         nfs41_fobx->acl_len = 0;
         RxContext->IoStatusBlock.Information = RxContext->InformationToReturn =
--
2.42.1

From 81642a9e0427e2fdaf9ae0c2042049a5dbd63311 Mon Sep 17 00:00:00 2001
From: Roland Mainz <roland.mainz@nrubsig.org>
Date: Wed, 22 Nov 2023 00:30:50 +0100
Subject: [PATCH 3/4] tests/manual_testing.txt: Update gcc procedures to catch
 all configs

Update gcc manual testing procedure to catch&modify all ./configure
and Makefile.in files.

Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com>
---
 tests/manual_testing.txt | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/tests/manual_testing.txt b/tests/manual_testing.txt
index 5f4b74a..3058c0b 100644
--- a/tests/manual_testing.txt
+++ b/tests/manual_testing.txt
@@ -60,13 +60,17 @@ MSBuild.exe build.vc19/nfs41-client.sln -t:Build  -p:Configuration=Release -p:Pl
 #
 # gcc
 #
+
+
 git clone -b 'releases/gcc-13.2.0' git://gcc.gnu.org/git/gcc.git
 cd gcc/
 # Cygwin: workaround for configure using cp -p where ln -s should be used
-sed -i "s/as_ln_s='cp -pR'/as_ln_s='ln -s'/g" configure
+# (this is an automake/autoconf issue, they should trust Cygwin and not use
+# ancient workarounds for issues which no longer exists)
+(set -o xtrace ; sed -i "s/as_ln_s='cp -pR'/as_ln_s='ln -s'/g" $(find . -name configure) )
 ./configure
 # workaround for $ cp -p # failing with "Function not implemented"
-(set -o xtrace ; sed -i -r 's/(cp.*)([[:space:]]+-p[[:space:]]+)/\1\2--no-preserve=ownership /g' $(find . -name Makefile) )
+(set -o xtrace ; sed -i -r 's/(cp.*)([[:space:]]+-p[[:space:]]+)/\1\2--no-preserve=ownership /g' $(find . -name Makefile -o -name Makefile.in) )
 # repeat:
 make -j4 clean
 (yes | make -j32 all)
--
2.42.1

From 2ac6f86294da08490302e9469c47aa550319e146 Mon Sep 17 00:00:00 2001
From: Roland Mainz <roland.mainz@nrubsig.org>
Date: Wed, 22 Nov 2023 01:47:01 +0100
Subject: [PATCH 4/4] daemon: Daemon should run with "high priority" to avoid
 prio-inversion

The nfsd daemon should run with HIGH_PRIORITY_CLASS priority
to avoid priority inversion issues if a high-priority process
using the NFSv4 filesystem steals CPU time from the NFSv4 filesystem
daemon on very busy systems.

Fixes build time issues with Cygwin/gcc parallel builds.

Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com>
---
 daemon/nfs41_daemon.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/daemon/nfs41_daemon.c b/daemon/nfs41_daemon.c
index 4ab96d9..5e40a83 100644
--- a/daemon/nfs41_daemon.c
+++ b/daemon/nfs41_daemon.c
@@ -428,6 +428,18 @@ VOID ServiceStart(DWORD argc, LPTSTR *argv)
         exit(1);
     }

+    /*
+     * Set high priority class to avoid that the daemon gets stomped
+     * by other processes, which might lead to some kind of priority
+     * inversion
+     */
+    if(SetPriorityClass(GetCurrentProcess(), HIGH_PRIORITY_CLASS)) {
+        dprintf(0, "Running as HIGH_PRIORITY_CLASS\n");
+    }
+    else {
+        eprintf("Failed to enter HIGH_PRIORITY_CLASS mode\n");
+    }
+
 #ifdef NFS41_DRIVER_FEATURE_NAMESERVICE_CYGWIN
     /* force enable for cygwin getent passwd/group testing */
     cmd_args.ldap_enable = TRUE;
--
2.42.1