--- /dev/null
+From ab1c282c010c4f327bd7addc3c0035fd8e3c1721 Mon Sep 17 00:00:00 2001
+From: Thorsten Blum <thorsten.blum@linux.dev>
+Date: Wed, 6 Aug 2025 03:10:01 +0200
+Subject: NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
+
+From: Thorsten Blum <thorsten.blum@linux.dev>
+
+commit ab1c282c010c4f327bd7addc3c0035fd8e3c1721 upstream.
+
+Commit 5304877936c0 ("NFSD: Fix strncpy() fortify warning") replaced
+strncpy(,, sizeof(..)) with strlcpy(,, sizeof(..) - 1), but strlcpy()
+already guaranteed NUL-termination of the destination buffer and
+subtracting one byte potentially truncated the source string.
+
+The incorrect size was then carried over in commit 72f78ae00a8e ("NFSD:
+move from strlcpy with unused retval to strscpy") when switching from
+strlcpy() to strscpy().
+
+Fix this off-by-one error by using the full size of the destination
+buffer again.
+
+Cc: stable@vger.kernel.org
+Fixes: 5304877936c0 ("NFSD: Fix strncpy() fortify warning")
+Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/nfs4proc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -1335,7 +1335,7 @@ try_again:
+ return 0;
+ }
+ if (work) {
+- strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr) - 1);
++ strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr));
+ refcount_set(&work->nsui_refcnt, 2);
+ work->nsui_busy = true;
+ list_add_tail(&work->nsui_list, &nn->nfsd_ssc_mount_list);
--- /dev/null
+From a082e4b4d08a4a0e656d90c2c05da85f23e6d0c9 Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <okorniev@redhat.com>
+Date: Thu, 21 Aug 2025 16:31:46 -0400
+Subject: nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
+
+From: Olga Kornievskaia <okorniev@redhat.com>
+
+commit a082e4b4d08a4a0e656d90c2c05da85f23e6d0c9 upstream.
+
+When v3 NLM request finds a conflicting delegation, it triggers
+a delegation recall and nfsd_open fails with EAGAIN. nfsd_open
+then translates EAGAIN into nfserr_jukebox. In nlm_fopen, instead
+of returning nlm_failed for when there is a conflicting delegation,
+drop this NLM request so that the client retries. Once delegation
+is recalled and if a local lock is claimed, a retry would lead to
+nfsd returning a nlm_lck_blocked error or a successful nlm lock.
+
+Fixes: d343fce148a4 ("[PATCH] knfsd: Allow lockd to drop replies as appropriate")
+Cc: stable@vger.kernel.org # v6.6
+Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/lockd.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+--- a/fs/nfsd/lockd.c
++++ b/fs/nfsd/lockd.c
+@@ -48,6 +48,21 @@ nlm_fopen(struct svc_rqst *rqstp, struct
+ switch (nfserr) {
+ case nfs_ok:
+ return 0;
++ case nfserr_jukebox:
++ /* this error can indicate a presence of a conflicting
++ * delegation to an NLM lock request. Options are:
++ * (1) For now, drop this request and make the client
++ * retry. When delegation is returned, client's lock retry
++ * will complete.
++ * (2) NLM4_DENIED as per "spec" signals to the client
++ * that the lock is unavailable now but client can retry.
++ * Linux client implementation does not. It treats
++ * NLM4_DENIED same as NLM4_FAILED and errors the request.
++ * (3) For the future, treat this as blocked lock and try
++ * to callback when the delegation is returned but might
++ * not have a proper lock request to block on.
++ */
++ fallthrough;
+ case nfserr_dropit:
+ return nlm_drop_reply;
+ case nfserr_stale:
--- /dev/null
+From 008385efd05e04d8dff299382df2e8be0f91d8a0 Mon Sep 17 00:00:00 2001
+From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
+Date: Thu, 25 Sep 2025 12:32:37 +0200
+Subject: selftests: mptcp: join: validate C-flag + def limit
+
+From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+
+commit 008385efd05e04d8dff299382df2e8be0f91d8a0 upstream.
+
+The previous commit adds an exception for the C-flag case. The
+'mptcp_join.sh' selftest is extended to validate this case.
+
+In this subtest, there is a typical CDN deployment with a client where
+MPTCP endpoints have been 'automatically' configured:
+
+- the server set net.mptcp.allow_join_initial_addr_port=0
+
+- the client has multiple 'subflow' endpoints, and the default limits:
+ not accepting ADD_ADDRs.
+
+Without the parent patch, the client is not able to establish new
+subflows using its 'subflow' endpoints. The parent commit fixes that.
+
+The 'Fixes' tag here below is the same as the one from the previous
+commit: this patch here is not fixing anything wrong in the selftests,
+but it validates the previous fix for an issue introduced by this commit
+ID.
+
+Fixes: df377be38725 ("mptcp: add deny_join_id0 in mptcp_options_received")
+Cc: stable@vger.kernel.org
+Reviewed-by: Geliang Tang <geliang@kernel.org>
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+Link: https://patch.msgid.link/20250925-net-next-mptcp-c-flag-laminar-v1-2-ad126cc47c6b@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/tools/testing/selftests/net/mptcp/mptcp_join.sh
++++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh
+@@ -425,6 +425,17 @@ chk_rm_nr()
+ echo Client ns stats
+ ip netns exec $ns2 nstat -as | grep MPTcp
+ fi
++
++ # default limits, server deny join id 0 + signal
++ if reset_with_allow_join_id0 "default limits, server deny join id 0" 0 1; then
++ pm_nl_set_limits $ns1 0 2
++ pm_nl_set_limits $ns2 0 2
++ pm_nl_add_endpoint $ns1 10.0.2.1 flags signal
++ pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow
++ pm_nl_add_endpoint $ns2 10.0.4.2 flags subflow
++ run_tests $ns1 $ns2 10.0.1.1
++ chk_join_nr 2 2 2
++ fi
+ }
+
+ sin=$(mktemp)
spi-cadence-quadspi-flush-posted-register-writes-before-indac-access.patch
x86-umip-check-that-the-instruction-opcode-is-at-least-two-bytes.patch
x86-umip-fix-decoding-of-register-forms-of-0f-01-sgdt-and-sidt-aliases.patch
+selftests-mptcp-join-validate-c-flag-def-limit.patch
+nfsd-fix-destination-buffer-size-in-nfsd4_ssc_setup_dul.patch
+nfsd-nfserr_jukebox-in-nlm_fopen-should-lead-to-a-retry.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
