tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'nfsd-6.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux

Pull nfsd fixes from Chuck Lever:
"Address recently reported issues or issues found at the recent NFS
bake-a-thon held in Raleigh, NC.

Issues reported with v6.18-rc:
- Address a kernel build issue
- Reorder SEQUENCE processing to avoid spurious NFS4ERR_SEQ_MISORDERED

Issues that need expedient stable backports:
- Close a refcount leak exposure
- Report support for NFSv4.2 CLONE correctly
- Fix oops during COPY_NOTIFY processing
- Prevent rare crash after XDR encoding failure
- Prevent crash due to confused or malicious NFSv4.1 client"

* tag 'nfsd-6.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
Revert "SUNRPC: Make RPCSEC_GSS_KRB5 select CRYPTO instead of depending on it"
nfsd: ensure SEQUENCE replay sends a valid reply.
NFSD: Never cache a COMPOUND when the SEQUENCE operation fails
NFSD: Skip close replay processing if XDR encoding fails
NFSD: free copynotify stateid in nfs4_free_ol_stateid()
nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes
nfsd: fix refcount leak in nfsd_set_fh_dentry()

Linus Torvalds 6fa9041b 92385a07

+58 -28
+49 -19
fs/nfsd/nfs4state.c
··· 1542 1542 release_all_access(stp); 1543 1543 if (stp->st_stateowner) 1544 1544 nfs4_put_stateowner(stp->st_stateowner); 1545 - WARN_ON(!list_empty(&stid->sc_cp_list)); 1545 + if (!list_empty(&stid->sc_cp_list)) 1546 + nfs4_free_cpntf_statelist(stid->sc_client->net, stid); 1546 1547 kmem_cache_free(stateid_slab, stid); 1547 1548 } 1548 1549 ··· 3487 3486 struct nfsd4_slot *slot = resp->cstate.slot; 3488 3487 unsigned int base; 3489 3488 3490 - dprintk("--> %s slot %p\n", __func__, slot); 3489 + /* 3490 + * RFC 5661 Section 2.10.6.1.2: 3491 + * 3492 + * Any time SEQUENCE ... returns an error ... [t]he replier MUST NOT 3493 + * modify the reply cache entry for the slot whenever an error is 3494 + * returned from SEQUENCE ... 3495 + * 3496 + * Because nfsd4_store_cache_entry is called only by 3497 + * nfsd4_sequence_done(), nfsd4_store_cache_entry() is called only 3498 + * when a SEQUENCE operation was part of the COMPOUND. 3499 + * nfs41_check_op_ordering() ensures SEQUENCE is the first op. 3500 + */ 3501 + if (resp->opcnt == 1 && resp->cstate.status != nfs_ok) 3502 + return; 3491 3503 3492 3504 slot->sl_flags |= NFSD4_SLOT_INITIALIZED; 3493 3505 slot->sl_opcnt = resp->opcnt; ··· 4363 4349 return true; 4364 4350 } 4365 4351 4352 + /* 4353 + * Note that the response is constructed here both for the case 4354 + * of a new SEQUENCE request and for a replayed SEQUENCE request. 4355 + * We do not cache SEQUENCE responses as SEQUENCE is idempotent. 4356 + */ 4357 + static void nfsd4_construct_sequence_response(struct nfsd4_session *session, 4358 + struct nfsd4_sequence *seq) 4359 + { 4360 + struct nfs4_client *clp = session->se_client; 4361 + 4362 + seq->maxslots_response = max(session->se_target_maxslots, 4363 + seq->maxslots); 4364 + seq->target_maxslots = session->se_target_maxslots; 4365 + 4366 + switch (clp->cl_cb_state) { 4367 + case NFSD4_CB_DOWN: 4368 + seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN; 4369 + break; 4370 + case NFSD4_CB_FAULT: 4371 + seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT; 4372 + break; 4373 + default: 4374 + seq->status_flags = 0; 4375 + } 4376 + if (!list_empty(&clp->cl_revoked)) 4377 + seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED; 4378 + if (atomic_read(&clp->cl_admin_revoked)) 4379 + seq->status_flags |= SEQ4_STATUS_ADMIN_STATE_REVOKED; 4380 + } 4381 + 4366 4382 __be32 4367 4383 nfsd4_sequence(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, 4368 4384 union nfsd4_op_u *u) ··· 4442 4398 dprintk("%s: slotid %d\n", __func__, seq->slotid); 4443 4399 4444 4400 trace_nfsd_slot_seqid_sequence(clp, seq, slot); 4401 + 4402 + nfsd4_construct_sequence_response(session, seq); 4403 + 4445 4404 status = check_slot_seqid(seq->seqid, slot->sl_seqid, slot->sl_flags); 4446 4405 if (status == nfserr_replay_cache) { 4447 4406 status = nfserr_seq_misordered; ··· 4542 4495 } 4543 4496 4544 4497 out: 4545 - seq->maxslots = max(session->se_target_maxslots, seq->maxslots); 4546 - seq->target_maxslots = session->se_target_maxslots; 4547 - 4548 - switch (clp->cl_cb_state) { 4549 - case NFSD4_CB_DOWN: 4550 - seq->status_flags = SEQ4_STATUS_CB_PATH_DOWN; 4551 - break; 4552 - case NFSD4_CB_FAULT: 4553 - seq->status_flags = SEQ4_STATUS_BACKCHANNEL_FAULT; 4554 - break; 4555 - default: 4556 - seq->status_flags = 0; 4557 - } 4558 - if (!list_empty(&clp->cl_revoked)) 4559 - seq->status_flags |= SEQ4_STATUS_RECALLABLE_STATE_REVOKED; 4560 - if (atomic_read(&clp->cl_admin_revoked)) 4561 - seq->status_flags |= SEQ4_STATUS_ADMIN_STATE_REVOKED; 4562 4498 trace_nfsd_seq4_status(rqstp, seq); 4563 4499 out_no_session: 4564 4500 if (conn)
+2 -3
fs/nfsd/nfs4xdr.c
··· 5073 5073 return nfserr; 5074 5074 /* Note slotid's are numbered from zero: */ 5075 5075 /* sr_highest_slotid */ 5076 - nfserr = nfsd4_encode_slotid4(xdr, seq->maxslots - 1); 5076 + nfserr = nfsd4_encode_slotid4(xdr, seq->maxslots_response - 1); 5077 5077 if (nfserr != nfs_ok) 5078 5078 return nfserr; 5079 5079 /* sr_target_highest_slotid */ ··· 5925 5925 */ 5926 5926 warn_on_nonidempotent_op(op); 5927 5927 xdr_truncate_encode(xdr, op_status_offset + XDR_UNIT); 5928 - } 5929 - if (so) { 5928 + } else if (so) { 5930 5929 int len = xdr->buf->len - (op_status_offset + XDR_UNIT); 5931 5930 5932 5931 so->so_replay.rp_status = op->status;
+1
fs/nfsd/nfsd.h
··· 458 458 #define NFSD4_2_SUPPORTED_ATTRS_WORD2 \ 459 459 (NFSD4_1_SUPPORTED_ATTRS_WORD2 | \ 460 460 FATTR4_WORD2_MODE_UMASK | \ 461 + FATTR4_WORD2_CLONE_BLKSIZE | \ 461 462 NFSD4_2_SECURITY_ATTRS | \ 462 463 FATTR4_WORD2_XATTR_SUPPORT | \ 463 464 FATTR4_WORD2_TIME_DELEG_ACCESS | \
+3 -3
fs/nfsd/nfsfh.c
··· 269 269 dentry); 270 270 } 271 271 272 - fhp->fh_dentry = dentry; 273 - fhp->fh_export = exp; 274 - 275 272 switch (fhp->fh_maxsize) { 276 273 case NFS4_FHSIZE: 277 274 if (dentry->d_sb->s_export_op->flags & EXPORT_OP_NOATOMIC_ATTR) ··· 289 292 if (exp->ex_flags & NFSEXP_V4ROOT) 290 293 goto out; 291 294 } 295 + 296 + fhp->fh_dentry = dentry; 297 + fhp->fh_export = exp; 292 298 293 299 return 0; 294 300 out:
+2 -1
fs/nfsd/xdr4.h
··· 574 574 struct nfs4_sessionid sessionid; /* request/response */ 575 575 u32 seqid; /* request/response */ 576 576 u32 slotid; /* request/response */ 577 - u32 maxslots; /* request/response */ 577 + u32 maxslots; /* request */ 578 578 u32 cachethis; /* request */ 579 + u32 maxslots_response; /* response */ 579 580 u32 target_maxslots; /* response */ 580 581 u32 status_flags; /* response */ 581 582 };
+1 -2
net/sunrpc/Kconfig
··· 18 18 19 19 config RPCSEC_GSS_KRB5 20 20 tristate "Secure RPC: Kerberos V mechanism" 21 - depends on SUNRPC 21 + depends on SUNRPC && CRYPTO 22 22 default y 23 23 select SUNRPC_GSS 24 - select CRYPTO 25 24 select CRYPTO_SKCIPHER 26 25 select CRYPTO_HASH 27 26 help