Fixes for 5.4

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-5.4/nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch b/queue-5.4/nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch
new file mode 100644 (file)
index 0000000..0bf8000
--- /dev/null
+++ b/queue-5.4/nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch
@@ -0,0 +1,38 @@
+From 5390dcb37809a6a8660c13079b1d97e48be41c82 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 3 Jun 2021 15:37:53 +0300
+Subject: NFS: Fix a potential NULL dereference in nfs_get_client()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 09226e8303beeec10f2ff844d2e46d1371dc58e0 ]
+
+None of the callers are expecting NULL returns from nfs_get_client() so
+this code will lead to an Oops.  It's better to return an error
+pointer.  I expect that this is dead code so hopefully no one is
+affected.
+
+Fixes: 31434f496abb ("nfs: check hostname in nfs_get_client")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/nfs/client.c b/fs/nfs/client.c
+index a05f77f9c21e..af838d1ed281 100644
+--- a/fs/nfs/client.c
++++ b/fs/nfs/client.c
+@@ -399,7 +399,7 @@ struct nfs_client *nfs_get_client(const struct nfs_client_initdata *cl_init)
+ 
+       if (cl_init->hostname == NULL) {
+               WARN_ON(1);
+-              return NULL;
++              return ERR_PTR(-EINVAL);
+       }
+ 
+       /* see if the client already exists */
+-- 
+2.30.2
+

diff --git a/queue-5.4/nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch b/queue-5.4/nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch
new file mode 100644 (file)
index 0000000..14e1ccf
--- /dev/null
+++ b/queue-5.4/nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch
@@ -0,0 +1,97 @@
+From 3ae19ed0ff9e7632ce9fd6d89b9f261d0c39617a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 1 Jun 2021 11:10:05 -0400
+Subject: NFSv4: Fix deadlock between nfs4_evict_inode() and
+ nfs4_opendata_get_inode()
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+[ Upstream commit dfe1fe75e00e4c724ede7b9e593f6f680e446c5f ]
+
+If the inode is being evicted, but has to return a delegation first,
+then it can cause a deadlock in the corner case where the server reboots
+before the delegreturn completes, but while the call to iget5_locked() in
+nfs4_opendata_get_inode() is waiting for the inode free to complete.
+Since the open call still holds a session slot, the reboot recovery
+cannot proceed.
+
+In order to break the logjam, we can turn the delegation return into a
+privileged operation for the case where we're evicting the inode. We
+know that in that case, there can be no other state recovery operation
+that conflicts.
+
+Reported-by: zhangxiaoxu (A) <zhangxiaoxu5@huawei.com>
+Fixes: 5fcdfacc01f3 ("NFSv4: Return delegations synchronously in evict_inode")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/nfs4_fs.h  |  1 +
+ fs/nfs/nfs4proc.c | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h
+index c4a98cbda6dd..5708b5a636f1 100644
+--- a/fs/nfs/nfs4_fs.h
++++ b/fs/nfs/nfs4_fs.h
+@@ -203,6 +203,7 @@ struct nfs4_exception {
+       struct inode *inode;
+       nfs4_stateid *stateid;
+       long timeout;
++      unsigned char task_is_privileged : 1;
+       unsigned char delay : 1,
+                     recovering : 1,
+                     retry : 1;
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index ff54ba3c8247..ff48d7b23f07 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -581,6 +581,8 @@ int nfs4_handle_exception(struct nfs_server *server, int errorcode, struct nfs4_
+               goto out_retry;
+       }
+       if (exception->recovering) {
++              if (exception->task_is_privileged)
++                      return -EDEADLOCK;
+               ret = nfs4_wait_clnt_recover(clp);
+               if (test_bit(NFS_MIG_FAILED, &server->mig_status))
+                       return -EIO;
+@@ -606,6 +608,8 @@ nfs4_async_handle_exception(struct rpc_task *task, struct nfs_server *server,
+               goto out_retry;
+       }
+       if (exception->recovering) {
++              if (exception->task_is_privileged)
++                      return -EDEADLOCK;
+               rpc_sleep_on(&clp->cl_rpcwaitq, task, NULL);
+               if (test_bit(NFS4CLNT_MANAGER_RUNNING, &clp->cl_state) == 0)
+                       rpc_wake_up_queued_task(&clp->cl_rpcwaitq, task);
+@@ -6231,6 +6235,7 @@ static void nfs4_delegreturn_done(struct rpc_task *task, void *calldata)
+       struct nfs4_exception exception = {
+               .inode = data->inode,
+               .stateid = &data->stateid,
++              .task_is_privileged = data->args.seq_args.sa_privileged,
+       };
+ 
+       if (!nfs4_sequence_done(task, &data->res.seq_res))
+@@ -6349,7 +6354,6 @@ static int _nfs4_proc_delegreturn(struct inode *inode, const struct cred *cred,
+       data = kzalloc(sizeof(*data), GFP_NOFS);
+       if (data == NULL)
+               return -ENOMEM;
+-      nfs4_init_sequence(&data->args.seq_args, &data->res.seq_res, 1, 0);
+ 
+       nfs4_state_protect(server->nfs_client,
+                       NFS_SP4_MACH_CRED_CLEANUP,
+@@ -6377,6 +6381,12 @@ static int _nfs4_proc_delegreturn(struct inode *inode, const struct cred *cred,
+               }
+       }
+ 
++      if (!data->inode)
++              nfs4_init_sequence(&data->args.seq_args, &data->res.seq_res, 1,
++                                 1);
++      else
++              nfs4_init_sequence(&data->args.seq_args, &data->res.seq_res, 1,
++                                 0);
+       task_setup_data.callback_data = data;
+       msg.rpc_argp = &data->args;
+       msg.rpc_resp = &data->res;
+-- 
+2.30.2
+

diff --git a/queue-5.4/perf-session-correct-buffer-copying-when-peeking-eve.patch b/queue-5.4/perf-session-correct-buffer-copying-when-peeking-eve.patch
new file mode 100644 (file)
index 0000000..671303c
--- /dev/null
+++ b/queue-5.4/perf-session-correct-buffer-copying-when-peeking-eve.patch
@@ -0,0 +1,55 @@
+From 7f81c9aa52c5839750f7cae5d4e0a88eb8b8a936 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 5 Jun 2021 13:29:57 +0800
+Subject: perf session: Correct buffer copying when peeking events
+
+From: Leo Yan <leo.yan@linaro.org>
+
+[ Upstream commit 197eecb6ecae0b04bd694432f640ff75597fed9c ]
+
+When peeking an event, it has a short path and a long path.  The short
+path uses the session pointer "one_mmap_addr" to directly fetch the
+event; and the long path needs to read out the event header and the
+following event data from file and fill into the buffer pointer passed
+through the argument "buf".
+
+The issue is in the long path that it copies the event header and event
+data into the same destination address which pointer "buf", this means
+the event header is overwritten.  We are just lucky to run into the
+short path in most cases, so we don't hit the issue in the long path.
+
+This patch adds the offset "hdr_sz" to the pointer "buf" when copying
+the event data, so that it can reserve the event header which can be
+used properly by its caller.
+
+Fixes: 5a52f33adf02 ("perf session: Add perf_session__peek_event()")
+Signed-off-by: Leo Yan <leo.yan@linaro.org>
+Acked-by: Adrian Hunter <adrian.hunter@intel.com>
+Acked-by: Jiri Olsa <jolsa@redhat.com>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Kan Liang <kan.liang@linux.intel.com>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Link: http://lore.kernel.org/lkml/20210605052957.1070720-1-leo.yan@linaro.org
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/util/session.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
+index 56f3039fe2a7..8ff2c98e9032 100644
+--- a/tools/perf/util/session.c
++++ b/tools/perf/util/session.c
+@@ -1631,6 +1631,7 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset,
+       if (event->header.size < hdr_sz || event->header.size > buf_sz)
+               return -1;
+ 
++      buf += hdr_sz;
+       rest = event->header.size - hdr_sz;
+ 
+       if (readn(fd, buf, rest) != (ssize_t)rest)
+-- 
+2.30.2
+

diff --git a/queue-5.4/series b/queue-5.4/series
index ffd551649d507d773ebbd82c24b344e3b3b0c9f9..923fde5f6ff08cb5c62d0b831e922f732c3643ee 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -69,3 +69,6 @@ perf-fix-data-race-between-pin_count-increment-decrement.patch
 sched-fair-make-sure-to-update-tg-contrib-for-blocked-load.patch
 kvm-x86-ensure-liveliness-of-nested-vm-enter-fail-tracepoint-message.patch
 ib-mlx5-fix-initializing-cq-fragments-buffer.patch
+nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch
+nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch
+perf-session-correct-buffer-copying-when-peeking-eve.patch