Fixes for 5.10
authorSasha Levin <sashal@kernel.org>
Sun, 13 Jun 2021 23:34:54 +0000 (19:34 -0400)
committerSasha Levin <sashal@kernel.org>
Sun, 13 Jun 2021 23:34:54 +0000 (19:34 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
queue-5.10/nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch [new file with mode: 0644]
queue-5.10/nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch [new file with mode: 0644]
queue-5.10/perf-session-correct-buffer-copying-when-peeking-eve.patch [new file with mode: 0644]
queue-5.10/series

diff --git a/queue-5.10/nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch b/queue-5.10/nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch
new file mode 100644 (file)
index 0000000..bc0da57
--- /dev/null
@@ -0,0 +1,38 @@
+From c208fbcec3ca245dc6dfae16fd56a767b20edf98 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 3 Jun 2021 15:37:53 +0300
+Subject: NFS: Fix a potential NULL dereference in nfs_get_client()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 09226e8303beeec10f2ff844d2e46d1371dc58e0 ]
+
+None of the callers are expecting NULL returns from nfs_get_client() so
+this code will lead to an Oops.  It's better to return an error
+pointer.  I expect that this is dead code so hopefully no one is
+affected.
+
+Fixes: 31434f496abb ("nfs: check hostname in nfs_get_client")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/nfs/client.c b/fs/nfs/client.c
+index 4b8cc93913f7..723d425796cc 100644
+--- a/fs/nfs/client.c
++++ b/fs/nfs/client.c
+@@ -406,7 +406,7 @@ struct nfs_client *nfs_get_client(const struct nfs_client_initdata *cl_init)
+       if (cl_init->hostname == NULL) {
+               WARN_ON(1);
+-              return NULL;
++              return ERR_PTR(-EINVAL);
+       }
+       /* see if the client already exists */
+-- 
+2.30.2
+
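Review bot: In the `if (cl_init->hostname == NULL)` branch of nfs_get_client(), `WARN_ON(1)` stays a separate statement; the usual kernel idiom folds the test into the warning, `if (WARN_ON(cl_init->hostname == NULL)) return ERR_PTR(-EINVAL);`. Returning `ERR_PTR(-EINVAL)` only removes the Oops if every caller tests the result with `IS_ERR()` rather than comparing it with NULL. The commit message says no caller expects NULL, but the callers are outside this hunk, so that is worth confirming against the 5.10 tree. A one-line comment above the check, for example `/* callers test IS_ERR(), never NULL */`, would record the contract. The body of nfs_get_client() continues past the hunk.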
diff --git a/queue-5.10/nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch b/queue-5.10/nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch
new file mode 100644 (file)
index 0000000..20af1b2
--- /dev/null
@@ -0,0 +1,97 @@
+From 0929dae8ac7ff74ef14348886b07f3260c7b37d2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 1 Jun 2021 11:10:05 -0400
+Subject: NFSv4: Fix deadlock between nfs4_evict_inode() and
+ nfs4_opendata_get_inode()
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+[ Upstream commit dfe1fe75e00e4c724ede7b9e593f6f680e446c5f ]
+
+If the inode is being evicted, but has to return a delegation first,
+then it can cause a deadlock in the corner case where the server reboots
+before the delegreturn completes, but while the call to iget5_locked() in
+nfs4_opendata_get_inode() is waiting for the inode free to complete.
+Since the open call still holds a session slot, the reboot recovery
+cannot proceed.
+
+In order to break the logjam, we can turn the delegation return into a
+privileged operation for the case where we're evicting the inode. We
+know that in that case, there can be no other state recovery operation
+that conflicts.
+
+Reported-by: zhangxiaoxu (A) <zhangxiaoxu5@huawei.com>
+Fixes: 5fcdfacc01f3 ("NFSv4: Return delegations synchronously in evict_inode")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/nfs4_fs.h  |  1 +
+ fs/nfs/nfs4proc.c | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h
+index 065cb04222a1..543d916f79ab 100644
+--- a/fs/nfs/nfs4_fs.h
++++ b/fs/nfs/nfs4_fs.h
+@@ -205,6 +205,7 @@ struct nfs4_exception {
+       struct inode *inode;
+       nfs4_stateid *stateid;
+       long timeout;
++      unsigned char task_is_privileged : 1;
+       unsigned char delay : 1,
+                     recovering : 1,
+                     retry : 1;
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index c92d6ff0fcea..959c2aa2180d 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -592,6 +592,8 @@ int nfs4_handle_exception(struct nfs_server *server, int errorcode, struct nfs4_
+               goto out_retry;
+       }
+       if (exception->recovering) {
++              if (exception->task_is_privileged)
++                      return -EDEADLOCK;
+               ret = nfs4_wait_clnt_recover(clp);
+               if (test_bit(NFS_MIG_FAILED, &server->mig_status))
+                       return -EIO;
+@@ -617,6 +619,8 @@ nfs4_async_handle_exception(struct rpc_task *task, struct nfs_server *server,
+               goto out_retry;
+       }
+       if (exception->recovering) {
++              if (exception->task_is_privileged)
++                      return -EDEADLOCK;
+               rpc_sleep_on(&clp->cl_rpcwaitq, task, NULL);
+               if (test_bit(NFS4CLNT_MANAGER_RUNNING, &clp->cl_state) == 0)
+                       rpc_wake_up_queued_task(&clp->cl_rpcwaitq, task);
+@@ -6383,6 +6387,7 @@ static void nfs4_delegreturn_done(struct rpc_task *task, void *calldata)
+       struct nfs4_exception exception = {
+               .inode = data->inode,
+               .stateid = &data->stateid,
++              .task_is_privileged = data->args.seq_args.sa_privileged,
+       };
+       if (!nfs4_sequence_done(task, &data->res.seq_res))
+@@ -6506,7 +6511,6 @@ static int _nfs4_proc_delegreturn(struct inode *inode, const struct cred *cred,
+       data = kzalloc(sizeof(*data), GFP_NOFS);
+       if (data == NULL)
+               return -ENOMEM;
+-      nfs4_init_sequence(&data->args.seq_args, &data->res.seq_res, 1, 0);
+       nfs4_state_protect(server->nfs_client,
+                       NFS_SP4_MACH_CRED_CLEANUP,
+@@ -6537,6 +6541,12 @@ static int _nfs4_proc_delegreturn(struct inode *inode, const struct cred *cred,
+               }
+       }
++      if (!data->inode)
++              nfs4_init_sequence(&data->args.seq_args, &data->res.seq_res, 1,
++                                 1);
++      else
++              nfs4_init_sequence(&data->args.seq_args, &data->res.seq_res, 1,
++                                 0);
+       task_setup_data.callback_data = data;
+       msg.rpc_argp = &data->args;
+       msg.rpc_resp = &data->res;
+-- 
+2.30.2
+
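Review bot: In _nfs4_proc_delegreturn() the privileged flag is chosen from `!data->inode`, and nothing in the new lines says why a NULL `data->inode` identifies the eviction case described in the commit message. A comment above the `if`, such as `/* no inode reference held: eviction path, so run the DELEGRETURN as privileged */`, would make that coupling explicit. The two `nfs4_init_sequence()` calls differ only in the last argument, so `nfs4_init_sequence(&data->args.seq_args, &data->res.seq_res, 1, !data->inode);` would say the same thing in one call. The `-EDEADLOCK` return added to nfs4_handle_exception() and nfs4_async_handle_exception() is a value their callers did not receive before; how nfs4_delegreturn_done() handles it is outside the visible hunks and should be checked. All of these functions start and end outside the hunks shown.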
diff --git a/queue-5.10/perf-session-correct-buffer-copying-when-peeking-eve.patch b/queue-5.10/perf-session-correct-buffer-copying-when-peeking-eve.patch
new file mode 100644 (file)
index 0000000..5b80b83
--- /dev/null
@@ -0,0 +1,55 @@
+From 7ed87d9d567e3b6ae6ade351d52f97da8bb7f0c3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 5 Jun 2021 13:29:57 +0800
+Subject: perf session: Correct buffer copying when peeking events
+
+From: Leo Yan <leo.yan@linaro.org>
+
+[ Upstream commit 197eecb6ecae0b04bd694432f640ff75597fed9c ]
+
+When peeking an event, it has a short path and a long path.  The short
+path uses the session pointer "one_mmap_addr" to directly fetch the
+event; and the long path needs to read out the event header and the
+following event data from file and fill into the buffer pointer passed
+through the argument "buf".
+
+The issue is in the long path that it copies the event header and event
+data into the same destination address which pointer "buf", this means
+the event header is overwritten.  We are just lucky to run into the
+short path in most cases, so we don't hit the issue in the long path.
+
+This patch adds the offset "hdr_sz" to the pointer "buf" when copying
+the event data, so that it can reserve the event header which can be
+used properly by its caller.
+
+Fixes: 5a52f33adf02 ("perf session: Add perf_session__peek_event()")
+Signed-off-by: Leo Yan <leo.yan@linaro.org>
+Acked-by: Adrian Hunter <adrian.hunter@intel.com>
+Acked-by: Jiri Olsa <jolsa@redhat.com>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Kan Liang <kan.liang@linux.intel.com>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Link: http://lore.kernel.org/lkml/20210605052957.1070720-1-leo.yan@linaro.org
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/util/session.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
+index 63b619084b34..9dddec19a494 100644
+--- a/tools/perf/util/session.c
++++ b/tools/perf/util/session.c
+@@ -1699,6 +1699,7 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset,
+       if (event->header.size < hdr_sz || event->header.size > buf_sz)
+               return -1;
++      buf += hdr_sz;
+       rest = event->header.size - hdr_sz;
+       if (readn(fd, buf, rest) != (ssize_t)rest)
+-- 
+2.30.2
+
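Review bot: `buf += hdr_sz;` in perf_session__peek_event() advances the caller-supplied parameter itself, so any later use of `buf` in the function would refer to the payload rather than the start of the event. Passing the offset at the call site, `if (readn(fd, buf + hdr_sz, rest) != (ssize_t)rest)`, keeps `buf` as the base of the buffer. The preceding check still bounds the write, since `hdr_sz + rest` equals `event->header.size`, which is rejected when larger than `buf_sz`. Because that size is read from the file, a short comment such as `/* header.size <= buf_sz was checked above, so hdr_sz + rest fits in buf */` would help the next reader. The function continues outside the hunk.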
index 652e12d1e927779d0df07a8f4cce7d092bc6addb..d78869d8e7f739a71a13493cc22ee258c3c4481e 100644 (file)
@@ -117,3 +117,6 @@ sched-fair-fix-util_est-util_avg_unchanged-handling.patch
 x86-nmi_watchdog-fix-old-style-nmi-watchdog-regression-on-old-intel-cpus.patch
 kvm-x86-ensure-liveliness-of-nested-vm-enter-fail-tracepoint-message.patch
 ib-mlx5-fix-initializing-cq-fragments-buffer.patch
+nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch
+nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch
+perf-session-correct-buffer-copying-when-peeking-eve.patch