tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'nfs-for-5.7-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfixes from Trond Myklebust:
"Highlights include:

Stable fixes:
- nfs: fix NULL deference in nfs4_get_valid_delegation

Bugfixes:
- Fix corruption of the return value in cachefiles_read_or_alloc_pages()
- Fix several fscache cookie issues
- Fix a fscache queuing race that can trigger a BUG_ON
- NFS: Fix two use-after-free regressions due to the RPC_TASK_CRED_NOREF flag
- SUNRPC: Fix a use-after-free regression in rpc_free_client_work()
- SUNRPC: Fix a race when tearing down the rpc client debugfs directory
- SUNRPC: Signalled ASYNC tasks need to exit
- NFSv3: fix rpc receive buffer size for MOUNT call"

* tag 'nfs-for-5.7-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
NFSv3: fix rpc receive buffer size for MOUNT call
SUNRPC: 'Directory with parent 'rpc_clnt' already present!'
NFS/pnfs: Don't use RPC_TASK_CRED_NOREF with pnfs
NFS: Don't use RPC_TASK_CRED_NOREF with delegreturn
SUNRPC: Signalled ASYNC tasks need to exit
nfs: fix NULL deference in nfs4_get_valid_delegation
SUNRPC: fix use-after-free in rpc_free_client_work()
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
NFSv4: Fix fscache cookie aux_data to ensure change_attr is included
NFS: Fix fscache super_cookie allocation
NFS: Fix fscache super_cookie index_key from changing after umount
cachefiles: Fix corruption of the return value in cachefiles_read_or_alloc_pages()

Linus Torvalds 12bf0b63 f85c1598

+42 -38
+6 -6
fs/cachefiles/rdwr.c
··· 60 60 object = container_of(op->op.object, struct cachefiles_object, fscache); 61 61 spin_lock(&object->work_lock); 62 62 list_add_tail(&monitor->op_link, &op->to_do); 63 + fscache_enqueue_retrieval(op); 63 64 spin_unlock(&object->work_lock); 64 65 65 - fscache_enqueue_retrieval(op); 66 66 fscache_put_retrieval(op); 67 67 return 0; 68 68 } ··· 398 398 struct inode *inode; 399 399 sector_t block; 400 400 unsigned shift; 401 - int ret; 401 + int ret, ret2; 402 402 403 403 object = container_of(op->op.object, 404 404 struct cachefiles_object, fscache); ··· 430 430 block = page->index; 431 431 block <<= shift; 432 432 433 - ret = bmap(inode, &block); 434 - ASSERT(ret < 0); 433 + ret2 = bmap(inode, &block); 434 + ASSERT(ret2 == 0); 435 435 436 436 _debug("%llx -> %llx", 437 437 (unsigned long long) (page->index << shift), ··· 739 739 block = page->index; 740 740 block <<= shift; 741 741 742 - ret = bmap(inode, &block); 743 - ASSERT(!ret); 742 + ret2 = bmap(inode, &block); 743 + ASSERT(ret2 == 0); 744 744 745 745 _debug("%llx -> %llx", 746 746 (unsigned long long) (page->index << shift),
+18 -21
fs/nfs/fscache.c
··· 118 118 119 119 nfss->fscache_key = NULL; 120 120 nfss->fscache = NULL; 121 - if (!(nfss->options & NFS_OPTION_FSCACHE)) 122 - return; 123 121 if (!uniq) { 124 122 uniq = ""; 125 123 ulen = 1; ··· 186 188 /* create a cache index for looking up filehandles */ 187 189 nfss->fscache = fscache_acquire_cookie(nfss->nfs_client->fscache, 188 190 &nfs_fscache_super_index_def, 189 - key, sizeof(*key) + ulen, 191 + &key->key, 192 + sizeof(key->key) + ulen, 190 193 NULL, 0, 191 194 nfss, 0, true); 192 195 dfprintk(FSCACHE, "NFS: get superblock cookie (0x%p/0x%p)\n", ··· 225 226 } 226 227 } 227 228 229 + static void nfs_fscache_update_auxdata(struct nfs_fscache_inode_auxdata *auxdata, 230 + struct nfs_inode *nfsi) 231 + { 232 + memset(auxdata, 0, sizeof(*auxdata)); 233 + auxdata->mtime_sec = nfsi->vfs_inode.i_mtime.tv_sec; 234 + auxdata->mtime_nsec = nfsi->vfs_inode.i_mtime.tv_nsec; 235 + auxdata->ctime_sec = nfsi->vfs_inode.i_ctime.tv_sec; 236 + auxdata->ctime_nsec = nfsi->vfs_inode.i_ctime.tv_nsec; 237 + 238 + if (NFS_SERVER(&nfsi->vfs_inode)->nfs_client->rpc_ops->version == 4) 239 + auxdata->change_attr = inode_peek_iversion_raw(&nfsi->vfs_inode); 240 + } 241 + 228 242 /* 229 243 * Initialise the per-inode cache cookie pointer for an NFS inode. 230 244 */ ··· 251 239 if (!(nfss->fscache && S_ISREG(inode->i_mode))) 252 240 return; 253 241 254 - memset(&auxdata, 0, sizeof(auxdata)); 255 - auxdata.mtime_sec = nfsi->vfs_inode.i_mtime.tv_sec; 256 - auxdata.mtime_nsec = nfsi->vfs_inode.i_mtime.tv_nsec; 257 - auxdata.ctime_sec = nfsi->vfs_inode.i_ctime.tv_sec; 258 - auxdata.ctime_nsec = nfsi->vfs_inode.i_ctime.tv_nsec; 259 - 260 - if (NFS_SERVER(&nfsi->vfs_inode)->nfs_client->rpc_ops->version == 4) 261 - auxdata.change_attr = inode_peek_iversion_raw(&nfsi->vfs_inode); 242 + nfs_fscache_update_auxdata(&auxdata, nfsi); 262 243 263 244 nfsi->fscache = fscache_acquire_cookie(NFS_SB(inode->i_sb)->fscache, 264 245 &nfs_fscache_inode_object_def, ··· 271 266 272 267 dfprintk(FSCACHE, "NFS: clear cookie (0x%p/0x%p)\n", nfsi, cookie); 273 268 274 - memset(&auxdata, 0, sizeof(auxdata)); 275 - auxdata.mtime_sec = nfsi->vfs_inode.i_mtime.tv_sec; 276 - auxdata.mtime_nsec = nfsi->vfs_inode.i_mtime.tv_nsec; 277 - auxdata.ctime_sec = nfsi->vfs_inode.i_ctime.tv_sec; 278 - auxdata.ctime_nsec = nfsi->vfs_inode.i_ctime.tv_nsec; 269 + nfs_fscache_update_auxdata(&auxdata, nfsi); 279 270 fscache_relinquish_cookie(cookie, &auxdata, false); 280 271 nfsi->fscache = NULL; 281 272 } ··· 311 310 if (!fscache_cookie_valid(cookie)) 312 311 return; 313 312 314 - memset(&auxdata, 0, sizeof(auxdata)); 315 - auxdata.mtime_sec = nfsi->vfs_inode.i_mtime.tv_sec; 316 - auxdata.mtime_nsec = nfsi->vfs_inode.i_mtime.tv_nsec; 317 - auxdata.ctime_sec = nfsi->vfs_inode.i_ctime.tv_sec; 318 - auxdata.ctime_nsec = nfsi->vfs_inode.i_ctime.tv_nsec; 313 + nfs_fscache_update_auxdata(&auxdata, nfsi); 319 314 320 315 if (inode_is_open_for_write(inode)) { 321 316 dfprintk(FSCACHE, "NFS: nfsi 0x%p disabling cache\n", nfsi);
+2 -1
fs/nfs/mount_clnt.c
··· 30 30 #define encode_dirpath_sz (1 + XDR_QUADLEN(MNTPATHLEN)) 31 31 #define MNT_status_sz (1) 32 32 #define MNT_fhandle_sz XDR_QUADLEN(NFS2_FHSIZE) 33 + #define MNT_fhandlev3_sz XDR_QUADLEN(NFS3_FHSIZE) 33 34 #define MNT_authflav3_sz (1 + NFS_MAX_SECFLAVORS) 34 35 35 36 /* ··· 38 37 */ 39 38 #define MNT_enc_dirpath_sz encode_dirpath_sz 40 39 #define MNT_dec_mountres_sz (MNT_status_sz + MNT_fhandle_sz) 41 - #define MNT_dec_mountres3_sz (MNT_status_sz + MNT_fhandle_sz + \ 40 + #define MNT_dec_mountres3_sz (MNT_status_sz + MNT_fhandlev3_sz + \ 42 41 MNT_authflav3_sz) 43 42 44 43 /*
+1 -1
fs/nfs/nfs4proc.c
··· 6347 6347 .rpc_client = server->client, 6348 6348 .rpc_message = &msg, 6349 6349 .callback_ops = &nfs4_delegreturn_ops, 6350 - .flags = RPC_TASK_ASYNC | RPC_TASK_CRED_NOREF | RPC_TASK_TIMEOUT, 6350 + .flags = RPC_TASK_ASYNC | RPC_TASK_TIMEOUT, 6351 6351 }; 6352 6352 int status = 0; 6353 6353
+1 -1
fs/nfs/nfs4state.c
··· 734 734 state = new; 735 735 state->owner = owner; 736 736 atomic_inc(&owner->so_count); 737 - list_add_rcu(&state->inode_states, &nfsi->open_states); 738 737 ihold(inode); 739 738 state->inode = inode; 739 + list_add_rcu(&state->inode_states, &nfsi->open_states); 740 740 spin_unlock(&inode->i_lock); 741 741 /* Note: The reclaim code dictates that we add stateless 742 742 * and read-only stateids to the end of the list */
+3 -2
fs/nfs/pagelist.c
··· 752 752 .callback_ops = call_ops, 753 753 .callback_data = hdr, 754 754 .workqueue = nfsiod_workqueue, 755 - .flags = RPC_TASK_ASYNC | RPC_TASK_CRED_NOREF | flags, 755 + .flags = RPC_TASK_ASYNC | flags, 756 756 }; 757 757 758 758 hdr->rw_ops->rw_initiate(hdr, &msg, rpc_ops, &task_setup_data, how); ··· 950 950 hdr->cred, 951 951 NFS_PROTO(hdr->inode), 952 952 desc->pg_rpc_callops, 953 - desc->pg_ioflags, 0); 953 + desc->pg_ioflags, 954 + RPC_TASK_CRED_NOREF); 954 955 return ret; 955 956 } 956 957
+2 -1
fs/nfs/pnfs_nfs.c
··· 536 536 nfs_init_commit(data, NULL, NULL, cinfo); 537 537 nfs_initiate_commit(NFS_CLIENT(inode), data, 538 538 NFS_PROTO(data->inode), 539 - data->mds_ops, how, 0); 539 + data->mds_ops, how, 540 + RPC_TASK_CRED_NOREF); 540 541 } else { 541 542 nfs_init_commit(data, NULL, data->lseg, cinfo); 542 543 initiate_commit(data, how);
-1
fs/nfs/super.c
··· 1189 1189 uniq = ctx->fscache_uniq; 1190 1190 ulen = strlen(ctx->fscache_uniq); 1191 1191 } 1192 - return; 1193 1192 } 1194 1193 1195 1194 nfs_fscache_get_super_cookie(sb, uniq, ulen);
+2 -2
fs/nfs/write.c
··· 1695 1695 .callback_ops = call_ops, 1696 1696 .callback_data = data, 1697 1697 .workqueue = nfsiod_workqueue, 1698 - .flags = RPC_TASK_ASYNC | RPC_TASK_CRED_NOREF | flags, 1698 + .flags = RPC_TASK_ASYNC | flags, 1699 1699 .priority = priority, 1700 1700 }; 1701 1701 /* Set up the initial task struct. */ ··· 1813 1813 nfs_init_commit(data, head, NULL, cinfo); 1814 1814 atomic_inc(&cinfo->mds->rpcs_out); 1815 1815 return nfs_initiate_commit(NFS_CLIENT(inode), data, NFS_PROTO(inode), 1816 - data->mds_ops, how, 0); 1816 + data->mds_ops, how, RPC_TASK_CRED_NOREF); 1817 1817 } 1818 1818 1819 1819 /*
+7 -2
net/sunrpc/clnt.c
··· 889 889 * here. 890 890 */ 891 891 rpc_clnt_debugfs_unregister(clnt); 892 + rpc_free_clid(clnt); 892 893 rpc_clnt_remove_pipedir(clnt); 894 + xprt_put(rcu_dereference_raw(clnt->cl_xprt)); 893 895 894 896 kfree(clnt); 895 897 rpciod_down(); ··· 909 907 rpc_unregister_client(clnt); 910 908 rpc_free_iostats(clnt->cl_metrics); 911 909 clnt->cl_metrics = NULL; 912 - xprt_put(rcu_dereference_raw(clnt->cl_xprt)); 913 910 xprt_iter_destroy(&clnt->cl_xpi); 914 911 put_cred(clnt->cl_cred); 915 - rpc_free_clid(clnt); 916 912 917 913 INIT_WORK(&clnt->cl_work, rpc_free_client_work); 918 914 schedule_work(&clnt->cl_work); ··· 2432 2432 rpc_check_timeout(struct rpc_task *task) 2433 2433 { 2434 2434 struct rpc_clnt *clnt = task->tk_client; 2435 + 2436 + if (RPC_SIGNALLED(task)) { 2437 + rpc_call_rpcerror(task, -ERESTARTSYS); 2438 + return; 2439 + } 2435 2440 2436 2441 if (xprt_adjust_timeout(task->tk_rqstp) == 0) 2437 2442 return;