--- /dev/null
+From 303a7ce92064c285a04c870f2dc0192fdb2968cb Mon Sep 17 00:00:00 2001
+From: Stanislav Kinsbursky <skinsbursky@parallels.com>
+Date: Tue, 18 Sep 2012 13:37:18 +0400
+Subject: lockd: use rpc client's cl_nodename for id encoding
+
+From: Stanislav Kinsbursky <skinsbursky@parallels.com>
+
+commit 303a7ce92064c285a04c870f2dc0192fdb2968cb upstream.
+
+Taking hostname from uts namespace is not safe, because this could be
+performed during umount operation on child reaper death. And in this case
+current->nsproxy is NULL already.
+
+Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/lockd/mon.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/lockd/mon.c
++++ b/fs/lockd/mon.c
+@@ -40,6 +40,7 @@ struct nsm_args {
+ u32 proc;
+
+ char *mon_name;
++ char *nodename;
+ };
+
+ struct nsm_res {
+@@ -94,6 +95,7 @@ static int nsm_mon_unmon(struct nsm_hand
+ .vers = 3,
+ .proc = NLMPROC_NSM_NOTIFY,
+ .mon_name = nsm->sm_mon_name,
++ .nodename = utsname()->nodename,
+ };
+ struct rpc_message msg = {
+ .rpc_argp = &args,
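Review bot: The added initializer `.nodename = utsname()->nodename` in nsm_mon_unmon() still reads the UTS namespace through the current task, which is the access the description calls unsafe once current->nsproxy is NULL. The commit only moves the lookup out of encode_my_id() (last hunk), so it helps only if nsm_mon_unmon() can never run on the umount path during child reaper death; that cannot be confirmed here, because the function body continues outside the hunk. The subject names the RPC client's cl_nodename, so the line presumably ought to be `.nodename = clnt->cl_nodename,`, where `clnt` stands for whichever struct rpc_clnt pointer the function holds in the target tree. If the utsname() call has to stay in this backport, a comment on that line should state why the caller's context guarantees a valid nsproxy.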
+@@ -430,7 +432,7 @@ static void encode_my_id(struct xdr_stre
+ {
+ __be32 *p;
+
+- encode_nsm_string(xdr, utsname()->nodename);
++ encode_nsm_string(xdr, argp->nodename);
+ p = xdr_reserve_space(xdr, 4 + 4 + 4);
+ *p++ = cpu_to_be32(argp->prog);
+ *p++ = cpu_to_be32(argp->vers);
--- /dev/null
+From 9959ba0c241a71c7ed8133401cfbbee2720da0b5 Mon Sep 17 00:00:00 2001
+From: Malahal Naineni <malahal@us.ibm.com>
+Date: Sun, 9 Sep 2012 10:25:47 -0500
+Subject: NFSD: pass null terminated buf to kstrtouint()
+
+From: Malahal Naineni <malahal@us.ibm.com>
+
+commit 9959ba0c241a71c7ed8133401cfbbee2720da0b5 upstream.
+
+The 'buf' is prepared with null termination with intention of using it for
+this purpose, but 'name' is passed instead!
+
+Signed-off-by: Malahal Naineni <malahal@us.ibm.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4idmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4idmap.c
++++ b/fs/nfsd/nfs4idmap.c
+@@ -581,7 +581,7 @@ numeric_name_to_id(struct svc_rqst *rqst
+ /* Just to make sure it's null-terminated: */
+ memcpy(buf, name, namelen);
+ buf[namelen] = '\0';
+- ret = kstrtouint(name, 10, id);
++ ret = kstrtouint(buf, 10, id);
+ return ret == 0;
+ }
+
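Review bot: The context lines `memcpy(buf, name, namelen)` and `buf[namelen] = '\0'` are only safe if namelen is checked against the size of buf before them, and that check is not visible because numeric_name_to_id() starts above the hunk. This is worth confirming in the target tree, since name and namelen presumably originate from the client request. The existing comment could also say why the copy matters, for example `/* name is length-delimited, not NUL-terminated: parse the bounded copy, never name itself */`, which would make the buf/name mix-up fixed here harder to reintroduce.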
--- /dev/null
+From cf9182e90b2af04245ac4fae497fe73fc71285b4 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Wed, 29 Aug 2012 15:21:58 -0700
+Subject: nfsd4: fix nfs4 stateid leak
+
+From: "J. Bruce Fields" <bfields@redhat.com>
+
+commit cf9182e90b2af04245ac4fae497fe73fc71285b4 upstream.
+
+Processes that open and close multiple files may end up setting this
+oo_last_closed_stid without freeing what was previously pointed to.
+This can result in a major leak, visible for example by watching the
+nfsd4_stateids line of /proc/slabinfo.
+
+Reported-by: Cyril B. <cbay@excellency.fr>
+Tested-by: Cyril B. <cbay@excellency.fr>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4state.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -3783,6 +3783,7 @@ nfsd4_close(struct svc_rqst *rqstp, stru
+ memcpy(&close->cl_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
+
+ nfsd4_close_open_stateid(stp);
++ release_last_closed_stateid(oo);
+ oo->oo_last_closed_stid = stp;
+
+ /* place unused nfs4_stateowners on so_close_lru list to be
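Review bot: The new call `release_last_closed_stateid(oo)` runs on every close, including an owner's first, so it must tolerate oo->oo_last_closed_stid being NULL. The helper's body is not part of this hunk, so this should be confirmed against the tree the backport targets. A one-line comment above the call would record the ownership rule the fix relies on, for example `/* free the previously retained closed stateid before oo takes ownership of stp */`. nfsd4_close() begins and ends outside the hunk.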
arm-vfp-fix-saving-d16-d31-vfp-registers-on-v6-kernels.patch
+nfsd4-fix-nfs4-stateid-leak.patch
+nfsd-pass-null-terminated-buf-to-kstrtouint.patch
+lockd-use-rpc-client-s-cl_nodename-for-id-encoding.patch