--- /dev/null
+From 18e3b739fdc826481c6a1335ce0c5b19b3d415da Mon Sep 17 00:00:00 2001
+From: Kinglong Mee <kinglongmee@gmail.com>
+Date: Sat, 15 Aug 2015 21:52:10 +0800
+Subject: NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client
+
+From: Kinglong Mee <kinglongmee@gmail.com>
+
+commit 18e3b739fdc826481c6a1335ce0c5b19b3d415da upstream.
+
+---Steps to Reproduce--
+<nfs-server>
+# cat /etc/exports
+/nfs/referal *(rw,insecure,no_subtree_check,no_root_squash,crossmnt)
+/nfs/old *(ro,insecure,subtree_check,root_squash,crossmnt)
+
+<nfs-client>
+# mount -t nfs nfs-server:/nfs/ /mnt/
+# ll /mnt/*/
+
+<nfs-server>
+# cat /etc/exports
+/nfs/referal *(rw,insecure,no_subtree_check,no_root_squash,crossmnt,refer=/nfs/old/@nfs-server)
+/nfs/old *(ro,insecure,subtree_check,root_squash,crossmnt)
+# service nfs restart
+
+<nfs-client>
+# ll /mnt/*/ --->>>>> oops here
+
+[ 5123.102925] BUG: unable to handle kernel NULL pointer dereference at (null)
+[ 5123.103363] IP: [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
+[ 5123.103752] PGD 587b9067 PUD 3cbf5067 PMD 0
+[ 5123.104131] Oops: 0000 [#1]
+[ 5123.104529] Modules linked in: nfsv4(OE) nfs(OE) fscache(E) nfsd(OE) xfs libcrc32c iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ppdev vmw_balloon parport_pc parport i2c_piix4 shpchp auth_rpcgss nfs_acl vmw_vmci lockd grace sunrpc vmwgfx drm_kms_helper ttm drm mptspi serio_raw scsi_transport_spi e1000 mptscsih mptbase ata_generic pata_acpi [last unloaded: nfsd]
+[ 5123.105887] CPU: 0 PID: 15853 Comm: ::1-manager Tainted: G OE 4.2.0-rc6+ #214
+[ 5123.106358] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
+[ 5123.106860] task: ffff88007620f300 ti: ffff88005877c000 task.ti: ffff88005877c000
+[ 5123.107363] RIP: 0010:[<ffffffffa03ed38b>] [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
+[ 5123.107909] RSP: 0018:ffff88005877fdb8 EFLAGS: 00010246
+[ 5123.108435] RAX: ffff880053f3bc00 RBX: ffff88006ce6c908 RCX: ffff880053a0d240
+[ 5123.108968] RDX: ffffea0000e6d940 RSI: ffff8800399a0000 RDI: ffff88006ce6c908
+[ 5123.109503] RBP: ffff88005877fe28 R08: ffffffff81c708a0 R09: 0000000000000000
+[ 5123.110045] R10: 00000000000001a2 R11: ffff88003ba7f5c8 R12: ffff880054c55800
+[ 5123.110618] R13: 0000000000000000 R14: ffff880053a0d240 R15: ffff880053a0d240
+[ 5123.111169] FS: 0000000000000000(0000) GS:ffffffff81c27000(0000) knlGS:0000000000000000
+[ 5123.111726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 5123.112286] CR2: 0000000000000000 CR3: 0000000054cac000 CR4: 00000000001406f0
+[ 5123.112888] Stack:
+[ 5123.113458] ffffea0000e6d940 ffff8800399a0000 00000000000167d0 0000000000000000
+[ 5123.114049] 0000000000000000 0000000000000000 0000000000000000 00000000a7ec82c6
+[ 5123.114662] ffff88005877fe18 ffffea0000e6d940 ffff8800399a0000 ffff880054c55800
+[ 5123.115264] Call Trace:
+[ 5123.115868] [<ffffffffa03fb44b>] nfs4_try_migration+0xbb/0x220 [nfsv4]
+[ 5123.116487] [<ffffffffa03fcb3b>] nfs4_run_state_manager+0x4ab/0x7b0 [nfsv4]
+[ 5123.117104] [<ffffffffa03fc690>] ? nfs4_do_reclaim+0x510/0x510 [nfsv4]
+[ 5123.117813] [<ffffffff810a4527>] kthread+0xd7/0xf0
+[ 5123.118456] [<ffffffff810a4450>] ? kthread_worker_fn+0x160/0x160
+[ 5123.119108] [<ffffffff816d9cdf>] ret_from_fork+0x3f/0x70
+[ 5123.119723] [<ffffffff810a4450>] ? kthread_worker_fn+0x160/0x160
+[ 5123.120329] Code: 4c 8b 6a 58 74 17 eb 52 48 8d 55 a8 89 c6 4c 89 e7 e8 4a b5 ff ff 8b 45 b0 85 c0 74 1c 4c 89 f9 48 8b 55 90 48 8b 75 98 48 89 df <41> ff 55 00 3d e8 d8 ff ff 41 89 c6 74 cf 48 8b 4d c8 65 48 33
+[ 5123.121643] RIP [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
+[ 5123.122308] RSP <ffff88005877fdb8>
+[ 5123.122942] CR2: 0000000000000000
+
+Fixes: ec011fe847 ("NFS: Introduce a vector of migration recovery ops")
+Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/nfs4proc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -7058,6 +7058,7 @@ static const struct nfs4_minor_version_o
+ .reboot_recovery_ops = &nfs41_reboot_recovery_ops,
+ .nograce_recovery_ops = &nfs41_nograce_recovery_ops,
+ .state_renewal_ops = &nfs41_state_renewal_ops,
++ .mig_recovery_ops = &nfs41_mig_recovery_ops,
+ };
+ #endif
+
--- /dev/null
+From e9ae58aeee8842a50f7e199d602a5ccb2e41a95f Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@primarydata.com>
+Date: Mon, 17 Aug 2015 12:57:07 -0500
+Subject: NFS: nfs_set_pgio_error sometimes misses errors
+
+From: Trond Myklebust <trond.myklebust@primarydata.com>
+
+commit e9ae58aeee8842a50f7e199d602a5ccb2e41a95f upstream.
+
+We should ensure that we always set the pgio_header's error field
+if a READ or WRITE RPC call returns an error. The current code depends
+on 'hdr->good_bytes' always being initialised to a large value, which
+is not always done correctly by callers.
+When this happens, applications may end up missing important errors.
+
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/pagelist.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -60,8 +60,8 @@ EXPORT_SYMBOL_GPL(nfs_pgheader_init);
+ void nfs_set_pgio_error(struct nfs_pgio_header *hdr, int error, loff_t pos)
+ {
+ spin_lock(&hdr->lock);
+- if (pos < hdr->io_start + hdr->good_bytes) {
+- set_bit(NFS_IOHDR_ERROR, &hdr->flags);
++ if (!test_and_set_bit(NFS_IOHDR_ERROR, &hdr->flags)
++ || pos < hdr->io_start + hdr->good_bytes) {
+ clear_bit(NFS_IOHDR_EOF, &hdr->flags);
+ hdr->good_bytes = pos - hdr->io_start;
+ hdr->error = error;
--- /dev/null
+From 0c78789e3a030615c6650fde89546cadf40ec2cc Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@primarydata.com>
+Date: Sat, 29 Aug 2015 13:36:30 -0700
+Subject: SUNRPC: xs_reset_transport must mark the connection as disconnected
+
+From: Trond Myklebust <trond.myklebust@primarydata.com>
+
+commit 0c78789e3a030615c6650fde89546cadf40ec2cc upstream.
+
+In case the reconnection attempt fails.
+
+Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/xprtsock.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/sunrpc/xprtsock.c
++++ b/net/sunrpc/xprtsock.c
+@@ -825,6 +825,7 @@ static void xs_reset_transport(struct so
+ sk->sk_user_data = NULL;
+
+ xs_restore_old_callbacks(transport, sk);
++ xprt_clear_connected(xprt);
+ write_unlock_bh(&sk->sk_callback_lock);
+
+ sk->sk_no_check = 0;
projects / thirdparty / kernel / stable-queue.git / commitdiff
