[PATCH 00/10] nfsd: a pile of fixes for random bugs
From: Jeff Layton
Date: Thu May 28 2026 - 17:59:04 EST
These bugs were categorized as remotely-triggerable panics, UAFs, DoS's,
etc., but they aren't reliable. There are also a few protocol fixes in
here too, etc. It's a grab bag.
A few of the patches were not authored by me. In particular, this patch
was submitted by Chuck a couple of years ago:
NFSD: Enable return of an updated stable_how to NFS clients
...but Claude believes that this fixes a real bug and isn't optional.
The set passes basic pynfs smoke testing.
Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
---
Chris Mason (6):
nfsd: drain callbacks and clear cl_cb_session
nfsd: serialize nfsd4_end_grace() with atomic test-and-set
nfsd: dedup nfs4_client_to_reclaim inserts
nfsd: gate nfs3 setacl by argp->mask
nfsd: fix partial-write detection in nfsd_direct_write
nfsd: cap decoded POSIX ACL count to bound sort cost
Chuck Lever (2):
NFSD: Enable return of an updated stable_how to NFS clients
NFSD: check truncate permission under inode lock
Jeff Layton (2):
nfsd: fix BUG_ON in nfsd4_alloc_layout_stateid on racing delegation revoke
nfsd: validate symlink target length in NFSv4 CREATE
fs/nfsd/nfs3acl.c | 17 +++++++++++------
fs/nfsd/nfs3proc.c | 2 +-
fs/nfsd/nfs4callback.c | 21 ++++++++++++++++----
fs/nfsd/nfs4layouts.c | 12 +++++++++---
fs/nfsd/nfs4proc.c | 2 +-
fs/nfsd/nfs4recover.c | 16 +++++++++++++---
fs/nfsd/nfs4state.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++---
fs/nfsd/nfs4xdr.c | 6 ++++++
fs/nfsd/nfsproc.c | 3 ++-
fs/nfsd/vfs.c | 46 +++++++++++++++++++++++++++-----------------
fs/nfsd/vfs.h | 6 ++++--
fs/nfsd/xdr3.h | 2 +-
12 files changed, 142 insertions(+), 43 deletions(-)
---
base-commit: bbe29ec5b789b9e613170cf0d869260c9128e1e0
change-id: 20260528-nfsd-fixes-89a6e5e20c9d
Best regards,
--
Jeff Layton <jlayton@xxxxxxxxxx>