From: Greg Kroah-Hartman Date: Tue, 26 Nov 2013 20:09:38 +0000 (-0800) Subject: 3.12-stable patches X-Git-Tag: v3.11.10~13 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=57b51641d9b3b61d8d367f358abbeb53f7a9402b;p=thirdparty%2Fkernel%2Fstable-queue.git 3.12-stable patches added patches: nfsd4-fix-discarded-security-labels-on-setattr.patch nfsd4-fix-xdr-decoding-of-large-non-write-compounds.patch nfsd-make-sure-to-balance-get-put_write_access.patch nfs-don-t-retry-detect_trunking-with-rpc_auth_unix-more-than-once.patch nfsd-return-better-errors-to-exportfs.patch nfsd-split-up-nfsd_setattr.patch nfs-fix-a-missing-initialisation-when-reading-the-selinux-label.patch nfs-fix-inverted-test-for-delegation-in-nfs4_reclaim_open_state.patch nfs-fix-oops-when-trying-to-set-selinux-label.patch nfsv4.2-fix-a-mismatch-between-linux-labeled-nfs-and-the-nfsv4.2-spec.patch nfsv4-don-t-fail-on-missing-fattr-in-open-recover.patch nfsv4-don-t-reprocess-cached-open-claim_previous.patch nfsv4-fix-a-use-after-free-situation-in-_nfs4_proc_getlk.patch nfsv4-fix-null-dereference-in-open-recover.patch nfsv4-fix-state-reference-counting-in-_nfs4_opendata_reclaim_to_nfs4_state.patch --- diff --git a/queue-3.12/nfs-don-t-retry-detect_trunking-with-rpc_auth_unix-more-than-once.patch b/queue-3.12/nfs-don-t-retry-detect_trunking-with-rpc_auth_unix-more-than-once.patch new file mode 100644 index 00000000000..db76154c965 --- /dev/null +++ b/queue-3.12/nfs-don-t-retry-detect_trunking-with-rpc_auth_unix-more-than-once.patch @@ -0,0 +1,57 @@ +From 6d769f1e1420179d1f83cf1a9cdc585b46c28545 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Wed, 13 Nov 2013 09:08:21 -0500 +Subject: nfs: don't retry detect_trunking with RPC_AUTH_UNIX more than once + +From: Jeff Layton + +commit 6d769f1e1420179d1f83cf1a9cdc585b46c28545 upstream. + +Currently, when we try to mount and get back NFS4ERR_CLID_IN_USE or +NFS4ERR_WRONGSEC, we create a new rpc_clnt and then try the call again. +There is no guarantee that doing so will work however, so we can end up +retrying the call in an infinite loop. + +Worse yet, we create the new client using rpc_clone_client_set_auth, +which creates the new client as a child of the old one. Thus, we can end +up with a *very* long lineage of rpc_clnts. When we go to put all of the +references to them, we can end up with a long call chain that can smash +the stack as each rpc_free_client() call can recurse back into itself. + +This patch fixes this by simply ensuring that the SETCLIENTID call will +only be retried in this situation if the last attempt did not use +RPC_AUTH_UNIX. + +Note too that with this change, we don't need the (i > 2) check in the +-EACCES case since we now have a more reliable test as to whether we +should reattempt. + +Cc: Chuck Lever +Tested-by/Acked-by: Weston Andros Adamson +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4state.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -1881,10 +1881,15 @@ again: + nfs4_root_machine_cred(clp); + goto again; + } +- if (i > 2) ++ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) + break; + case -NFS4ERR_CLID_INUSE: + case -NFS4ERR_WRONGSEC: ++ /* No point in retrying if we already used RPC_AUTH_UNIX */ ++ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) { ++ status = -EPERM; ++ break; ++ } + clnt = rpc_clone_client_set_auth(clnt, RPC_AUTH_UNIX); + if (IS_ERR(clnt)) { + status = PTR_ERR(clnt); diff --git a/queue-3.12/nfs-fix-a-missing-initialisation-when-reading-the-selinux-label.patch b/queue-3.12/nfs-fix-a-missing-initialisation-when-reading-the-selinux-label.patch new file mode 100644 index 00000000000..8d1d06d90de --- /dev/null +++ b/queue-3.12/nfs-fix-a-missing-initialisation-when-reading-the-selinux-label.patch @@ -0,0 +1,48 @@ +From fcb63a9bd8427fc584229048ea14f1453dc9a2e1 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Fri, 1 Nov 2013 12:42:25 -0400 +Subject: NFS: Fix a missing initialisation when reading the SELinux label + +From: Trond Myklebust + +commit fcb63a9bd8427fc584229048ea14f1453dc9a2e1 upstream. + +Ensure that _nfs4_do_get_security_label() also initialises the +SEQUENCE call correctly, by having it call into nfs4_call_sync(). + +Reported-by: Jeff Layton +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -4570,7 +4570,7 @@ static int _nfs4_get_security_label(stru + struct nfs4_label label = {0, 0, buflen, buf}; + + u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL }; +- struct nfs4_getattr_arg args = { ++ struct nfs4_getattr_arg arg = { + .fh = NFS_FH(inode), + .bitmask = bitmask, + }; +@@ -4581,14 +4581,14 @@ static int _nfs4_get_security_label(stru + }; + struct rpc_message msg = { + .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_GETATTR], +- .rpc_argp = &args, ++ .rpc_argp = &arg, + .rpc_resp = &res, + }; + int ret; + + nfs_fattr_init(&fattr); + +- ret = rpc_call_sync(server->client, &msg, 0); ++ ret = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 0); + if (ret) + return ret; + if (!(fattr.valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL)) diff --git a/queue-3.12/nfs-fix-inverted-test-for-delegation-in-nfs4_reclaim_open_state.patch b/queue-3.12/nfs-fix-inverted-test-for-delegation-in-nfs4_reclaim_open_state.patch new file mode 100644 index 00000000000..4fffa0ec881 --- /dev/null +++ b/queue-3.12/nfs-fix-inverted-test-for-delegation-in-nfs4_reclaim_open_state.patch @@ -0,0 +1,35 @@ +From 1acd1c301f4faae80f4d2c7bbd9a4553b131c0e3 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Thu, 31 Oct 2013 13:03:04 -0400 +Subject: nfs: fix inverted test for delegation in nfs4_reclaim_open_state + +From: Jeff Layton + +commit 1acd1c301f4faae80f4d2c7bbd9a4553b131c0e3 upstream. + +commit 6686390bab6a0e0 (NFS: remove incorrect "Lock reclaim failed!" +warning.) added a test for a delegation before checking to see if any +reclaimed locks failed. The test however is backward and is only doing +that check when a delegation is held instead of when one isn't. + +Cc: NeilBrown +Signed-off-by: Jeff Layton +Fixes: 6686390bab6a: NFS: remove incorrect "Lock reclaim failed!" warning. +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4state.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -1422,7 +1422,7 @@ restart: + if (status >= 0) { + status = nfs4_reclaim_locks(state, ops); + if (status >= 0) { +- if (test_bit(NFS_DELEGATED_STATE, &state->flags) != 0) { ++ if (!test_bit(NFS_DELEGATED_STATE, &state->flags)) { + spin_lock(&state->state_lock); + list_for_each_entry(lock, &state->lock_states, ls_locks) { + if (!test_bit(NFS_LOCK_INITIALIZED, &lock->ls_flags)) diff --git a/queue-3.12/nfs-fix-oops-when-trying-to-set-selinux-label.patch b/queue-3.12/nfs-fix-oops-when-trying-to-set-selinux-label.patch new file mode 100644 index 00000000000..1cf26959991 --- /dev/null +++ b/queue-3.12/nfs-fix-oops-when-trying-to-set-selinux-label.patch @@ -0,0 +1,110 @@ +From 12207f69b3ef4d6eea6a5568281e49f671977ab1 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Fri, 1 Nov 2013 10:49:32 -0400 +Subject: nfs: fix oops when trying to set SELinux label + +From: Jeff Layton + +commit 12207f69b3ef4d6eea6a5568281e49f671977ab1 upstream. + +Chao reported the following oops when testing labeled NFS: + +BUG: unable to handle kernel NULL pointer dereference at (null) +IP: [] nfs4_xdr_enc_setattr+0x43/0x110 [nfsv4] +PGD 277bbd067 PUD 2777ea067 PMD 0 +Oops: 0000 [#1] SMP +Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache sg coretemp kvm_intel kvm crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel lrw gf128mul iTCO_wdt glue_helper ablk_helper cryptd iTCO_vendor_support bnx2 pcspkr serio_raw i7core_edac cdc_ether microcode usbnet edac_core mii lpc_ich i2c_i801 mfd_core shpchp ioatdma dca acpi_cpufreq mperf nfsd auth_rpcgss nfs_acl lockd sunrpc xfs libcrc32c sr_mod sd_mod cdrom crc_t10dif mgag200 syscopyarea sysfillrect sysimgblt i2c_algo_bit drm_kms_helper ata_generic ttm pata_acpi drm ata_piix libata megaraid_sas i2c_core dm_mirror dm_region_hash dm_log dm_mod +CPU: 4 PID: 25657 Comm: chcon Not tainted 3.10.0-33.el7.x86_64 #1 +Hardware name: IBM System x3550 M3 -[7944OEJ]-/90Y4784 , BIOS -[D6E150CUS-1.11]- 02/08/2011 +task: ffff880178397220 ti: ffff8801595d2000 task.ti: ffff8801595d2000 +RIP: 0010:[] [] nfs4_xdr_enc_setattr+0x43/0x110 [nfsv4] +RSP: 0018:ffff8801595d3888 EFLAGS: 00010296 +RAX: 0000000000000000 RBX: ffff8801595d3b30 RCX: 0000000000000b4c +RDX: ffff8801595d3b30 RSI: ffff8801595d38e0 RDI: ffff880278b6ec00 +RBP: ffff8801595d38c8 R08: ffff8801595d3b30 R09: 0000000000000001 +R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801595d38e0 +R13: ffff880277a4a780 R14: ffffffffa05686c0 R15: ffff8802765f206c +FS: 00007f2c68486800(0000) GS:ffff88027fc00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000000000000 CR3: 000000027651a000 CR4: 00000000000007e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 +Stack: + 0000000000000000 0000000000000000 0000000000000000 0000000000000000 + 0000000000000000 ffff880277865800 ffff880278b6ec00 ffff880277a4a780 + ffff8801595d3948 ffffffffa02ad926 ffff8801595d3b30 ffff8802765f206c +Call Trace: + [] rpcauth_wrap_req+0x86/0xd0 [sunrpc] + [] ? call_connect+0xb0/0xb0 [sunrpc] + [] ? call_connect+0xb0/0xb0 [sunrpc] + [] call_transmit+0x18b/0x290 [sunrpc] + [] ? call_connect+0xb0/0xb0 [sunrpc] + [] __rpc_execute+0x84/0x400 [sunrpc] + [] rpc_execute+0x5e/0xa0 [sunrpc] + [] rpc_run_task+0x70/0x90 [sunrpc] + [] rpc_call_sync+0x43/0xa0 [sunrpc] + [] _nfs4_do_set_security_label+0x11d/0x170 [nfsv4] + [] nfs4_set_security_label.isra.69+0xf1/0x1d0 [nfsv4] + [] ? avc_alloc_node+0x24/0x125 + [] ? avc_compute_av+0x1a3/0x1b5 + [] nfs4_xattr_set_nfs4_label+0x3b/0x50 [nfsv4] + [] generic_setxattr+0x62/0x80 + [] __vfs_setxattr_noperm+0x63/0x1b0 + [] vfs_setxattr+0xb5/0xc0 + [] setxattr+0x12e/0x1c0 + [] ? final_putname+0x22/0x50 + [] ? putname+0x2b/0x40 + [] ? user_path_at_empty+0x5f/0x90 + [] ? __sb_start_write+0x49/0x100 + [] SyS_lsetxattr+0x8f/0xd0 + [] system_call_fastpath+0x16/0x1b +Code: 48 8b 02 48 c7 45 c0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 d0 00 00 00 00 48 c7 45 d8 00 00 00 00 48 c7 45 e0 00 00 00 00 <48> 8b 00 48 8b 00 48 85 c0 0f 84 ae 00 00 00 48 8b 80 b8 03 00 +RIP [] nfs4_xdr_enc_setattr+0x43/0x110 [nfsv4] + RSP +CR2: 0000000000000000 + +The problem is that _nfs4_do_set_security_label calls rpc_call_sync() +directly which fails to do any setup of the SEQUENCE call. Have it use +nfs4_call_sync() instead which does the right thing. While we're at it +change the name of "args" to "arg" to better match the pattern in +_nfs4_do_setattr. + +Reported-by: Chao Ye +Cc: David Quigley +Signed-off-by: Jeff Layton +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -4625,7 +4625,7 @@ static int _nfs4_do_set_security_label(s + struct iattr sattr = {0}; + struct nfs_server *server = NFS_SERVER(inode); + const u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL }; +- struct nfs_setattrargs args = { ++ struct nfs_setattrargs arg = { + .fh = NFS_FH(inode), + .iap = &sattr, + .server = server, +@@ -4639,14 +4639,14 @@ static int _nfs4_do_set_security_label(s + }; + struct rpc_message msg = { + .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_SETATTR], +- .rpc_argp = &args, ++ .rpc_argp = &arg, + .rpc_resp = &res, + }; + int status; + +- nfs4_stateid_copy(&args.stateid, &zero_stateid); ++ nfs4_stateid_copy(&arg.stateid, &zero_stateid); + +- status = rpc_call_sync(server->client, &msg, 0); ++ status = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 1); + if (status) + dprintk("%s failed: %d\n", __func__, status); + diff --git a/queue-3.12/nfsd-make-sure-to-balance-get-put_write_access.patch b/queue-3.12/nfsd-make-sure-to-balance-get-put_write_access.patch new file mode 100644 index 00000000000..7973e3cbb19 --- /dev/null +++ b/queue-3.12/nfsd-make-sure-to-balance-get-put_write_access.patch @@ -0,0 +1,70 @@ +From 987da4791052fa298b7cfcde4dea9f6f2bbc786b Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Mon, 18 Nov 2013 05:07:47 -0800 +Subject: nfsd: make sure to balance get/put_write_access + +From: Christoph Hellwig + +commit 987da4791052fa298b7cfcde4dea9f6f2bbc786b upstream. + +Use a straight goto error label style in nfsd_setattr to make sure +we always do the put_write_access call after we got it earlier. + +Note that the we have been failing to do that in the case +nfsd_break_lease() returns an error, a bug introduced into 2.6.38 with +6a76bebefe15d9a08864f824d7f8d5beaf37c997 "nfsd4: break lease on nfsd +setattr". + +Signed-off-by: Christoph Hellwig +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/vfs.c | 29 +++++++++++++++-------------- + 1 file changed, 15 insertions(+), 14 deletions(-) + +--- a/fs/nfsd/vfs.c ++++ b/fs/nfsd/vfs.c +@@ -444,27 +444,28 @@ nfsd_setattr(struct svc_rqst *rqstp, str + + iap->ia_valid |= ATTR_CTIME; + +- err = nfserr_notsync; +- if (!check_guard || guardtime == inode->i_ctime.tv_sec) { +- host_err = nfsd_break_lease(inode); +- if (host_err) +- goto out_nfserr; +- fh_lock(fhp); +- +- host_err = notify_change(dentry, iap); +- err = nfserrno(host_err); +- fh_unlock(fhp); ++ if (check_guard && guardtime != inode->i_ctime.tv_sec) { ++ err = nfserr_notsync; ++ goto out_put_write_access; + } ++ ++ host_err = nfsd_break_lease(inode); ++ if (host_err) ++ goto out_put_write_access_nfserror; ++ ++ fh_lock(fhp); ++ host_err = notify_change(dentry, iap); ++ fh_unlock(fhp); ++ ++out_put_write_access_nfserror: ++ err = nfserrno(host_err); ++out_put_write_access: + if (size_change) + put_write_access(inode); + if (!err) + commit_metadata(fhp); + out: + return err; +- +-out_nfserr: +- err = nfserrno(host_err); +- goto out; + } + + #if defined(CONFIG_NFSD_V2_ACL) || \ diff --git a/queue-3.12/nfsd-return-better-errors-to-exportfs.patch b/queue-3.12/nfsd-return-better-errors-to-exportfs.patch new file mode 100644 index 00000000000..b5059e8f61a --- /dev/null +++ b/queue-3.12/nfsd-return-better-errors-to-exportfs.patch @@ -0,0 +1,61 @@ +From 427d6c6646d868fbd3094e7e2e1644d480cd9204 Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Fri, 13 Sep 2013 11:08:45 -0400 +Subject: nfsd: return better errors to exportfs + +From: "J. Bruce Fields" + +commit 427d6c6646d868fbd3094e7e2e1644d480cd9204 upstream. + +Someone noticed exportfs happily accepted exports that would later be +rejected when mountd tried to give them to the kernel. Fix this. + +This is a regression from 4c1e1b34d5c800ad3ac9a7e2805b0bea70ad2278 +"nfsd: Store ex_anon_uid and ex_anon_gid as kuids and kgids". + +Cc: "Eric W. Biederman" +Reported-by: Yin.JianHong +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/export.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +--- a/fs/nfsd/export.c ++++ b/fs/nfsd/export.c +@@ -536,16 +536,12 @@ static int svc_export_parse(struct cache + if (err) + goto out3; + exp.ex_anon_uid= make_kuid(&init_user_ns, an_int); +- if (!uid_valid(exp.ex_anon_uid)) +- goto out3; + + /* anon gid */ + err = get_int(&mesg, &an_int); + if (err) + goto out3; + exp.ex_anon_gid= make_kgid(&init_user_ns, an_int); +- if (!gid_valid(exp.ex_anon_gid)) +- goto out3; + + /* fsid */ + err = get_int(&mesg, &an_int); +@@ -583,6 +579,17 @@ static int svc_export_parse(struct cache + exp.ex_uuid); + if (err) + goto out4; ++ /* ++ * For some reason exportfs has been passing down an ++ * invalid (-1) uid & gid on the "dummy" export which it ++ * uses to test export support. To make sure exportfs ++ * sees errors from check_export we therefore need to ++ * delay these checks till after check_export: ++ */ ++ if (!uid_valid(exp.ex_anon_uid)) ++ goto out4; ++ if (!gid_valid(exp.ex_anon_gid)) ++ goto out4; + } + + expp = svc_export_lookup(&exp); diff --git a/queue-3.12/nfsd-split-up-nfsd_setattr.patch b/queue-3.12/nfsd-split-up-nfsd_setattr.patch new file mode 100644 index 00000000000..ab8638c9fd4 --- /dev/null +++ b/queue-3.12/nfsd-split-up-nfsd_setattr.patch @@ -0,0 +1,197 @@ +From 818e5a22e907fbae75e9c1fd78233baec9fa64b6 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Mon, 18 Nov 2013 05:07:30 -0800 +Subject: nfsd: split up nfsd_setattr + +From: Christoph Hellwig + +commit 818e5a22e907fbae75e9c1fd78233baec9fa64b6 upstream. + +Split out two helpers to make the code more readable and easier to verify +for correctness. + +Signed-off-by: Christoph Hellwig +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/vfs.c | 144 +++++++++++++++++++++++++++++++++------------------------- + 1 file changed, 84 insertions(+), 60 deletions(-) + +--- a/fs/nfsd/vfs.c ++++ b/fs/nfsd/vfs.c +@@ -298,41 +298,12 @@ commit_metadata(struct svc_fh *fhp) + } + + /* +- * Set various file attributes. +- * N.B. After this call fhp needs an fh_put ++ * Go over the attributes and take care of the small differences between ++ * NFS semantics and what Linux expects. + */ +-__be32 +-nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, +- int check_guard, time_t guardtime) ++static void ++nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap) + { +- struct dentry *dentry; +- struct inode *inode; +- int accmode = NFSD_MAY_SATTR; +- umode_t ftype = 0; +- __be32 err; +- int host_err; +- int size_change = 0; +- +- if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE)) +- accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; +- if (iap->ia_valid & ATTR_SIZE) +- ftype = S_IFREG; +- +- /* Get inode */ +- err = fh_verify(rqstp, fhp, ftype, accmode); +- if (err) +- goto out; +- +- dentry = fhp->fh_dentry; +- inode = dentry->d_inode; +- +- /* Ignore any mode updates on symlinks */ +- if (S_ISLNK(inode->i_mode)) +- iap->ia_valid &= ~ATTR_MODE; +- +- if (!iap->ia_valid) +- goto out; +- + /* + * NFSv2 does not differentiate between "set-[ac]time-to-now" + * which only requires access, and "set-[ac]time-to-X" which +@@ -342,8 +313,7 @@ nfsd_setattr(struct svc_rqst *rqstp, str + * convert to "set to now" instead of "set to explicit time" + * + * We only call inode_change_ok as the last test as technically +- * it is not an interface that we should be using. It is only +- * valid if the filesystem does not define it's own i_op->setattr. ++ * it is not an interface that we should be using. + */ + #define BOTH_TIME_SET (ATTR_ATIME_SET | ATTR_MTIME_SET) + #define MAX_TOUCH_TIME_ERROR (30*60) +@@ -369,30 +339,6 @@ nfsd_setattr(struct svc_rqst *rqstp, str + iap->ia_valid &= ~BOTH_TIME_SET; + } + } +- +- /* +- * The size case is special. +- * It changes the file as well as the attributes. +- */ +- if (iap->ia_valid & ATTR_SIZE) { +- if (iap->ia_size < inode->i_size) { +- err = nfsd_permission(rqstp, fhp->fh_export, dentry, +- NFSD_MAY_TRUNC|NFSD_MAY_OWNER_OVERRIDE); +- if (err) +- goto out; +- } +- +- host_err = get_write_access(inode); +- if (host_err) +- goto out_nfserr; +- +- size_change = 1; +- host_err = locks_verify_truncate(inode, NULL, iap->ia_size); +- if (host_err) { +- put_write_access(inode); +- goto out_nfserr; +- } +- } + + /* sanitize the mode change */ + if (iap->ia_valid & ATTR_MODE) { +@@ -415,8 +361,86 @@ nfsd_setattr(struct svc_rqst *rqstp, str + iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID); + } + } ++} ++ ++static __be32 ++nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp, ++ struct iattr *iap) ++{ ++ struct inode *inode = fhp->fh_dentry->d_inode; ++ int host_err; ++ ++ if (iap->ia_size < inode->i_size) { ++ __be32 err; ++ ++ err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry, ++ NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE); ++ if (err) ++ return err; ++ } ++ ++ host_err = get_write_access(inode); ++ if (host_err) ++ goto out_nfserrno; ++ ++ host_err = locks_verify_truncate(inode, NULL, iap->ia_size); ++ if (host_err) ++ goto out_put_write_access; ++ return 0; ++ ++out_put_write_access: ++ put_write_access(inode); ++out_nfserrno: ++ return nfserrno(host_err); ++} ++ ++/* ++ * Set various file attributes. After this call fhp needs an fh_put. ++ */ ++__be32 ++nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, ++ int check_guard, time_t guardtime) ++{ ++ struct dentry *dentry; ++ struct inode *inode; ++ int accmode = NFSD_MAY_SATTR; ++ umode_t ftype = 0; ++ __be32 err; ++ int host_err; ++ int size_change = 0; ++ ++ if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE)) ++ accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; ++ if (iap->ia_valid & ATTR_SIZE) ++ ftype = S_IFREG; ++ ++ /* Get inode */ ++ err = fh_verify(rqstp, fhp, ftype, accmode); ++ if (err) ++ goto out; ++ ++ dentry = fhp->fh_dentry; ++ inode = dentry->d_inode; ++ ++ /* Ignore any mode updates on symlinks */ ++ if (S_ISLNK(inode->i_mode)) ++ iap->ia_valid &= ~ATTR_MODE; ++ ++ if (!iap->ia_valid) ++ goto out; ++ ++ nfsd_sanitize_attrs(inode, iap); + +- /* Change the attributes. */ ++ /* ++ * The size case is special, it changes the file in addition to the ++ * attributes. ++ */ ++ if (iap->ia_valid & ATTR_SIZE) { ++ err = nfsd_get_write_access(rqstp, fhp, iap); ++ if (err) ++ goto out; ++ size_change = 1; ++ } + + iap->ia_valid |= ATTR_CTIME; + diff --git a/queue-3.12/nfsd4-fix-discarded-security-labels-on-setattr.patch b/queue-3.12/nfsd4-fix-discarded-security-labels-on-setattr.patch new file mode 100644 index 00000000000..55998ff6743 --- /dev/null +++ b/queue-3.12/nfsd4-fix-discarded-security-labels-on-setattr.patch @@ -0,0 +1,30 @@ +From 3378b7f40d79930f0f447a164c7e8fcbe4480e40 Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Fri, 1 Nov 2013 10:42:15 -0400 +Subject: nfsd4: fix discarded security labels on setattr + +From: "J. Bruce Fields" + +commit 3378b7f40d79930f0f447a164c7e8fcbe4480e40 upstream. + +Security labels in setattr calls are currently ignored because we forget +to set label->len. + +Reported-by: Jeff Layton +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4xdr.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -411,6 +411,7 @@ nfsd4_decode_fattr(struct nfsd4_compound + label->data = kzalloc(dummy32 + 1, GFP_KERNEL); + if (!label->data) + return nfserr_jukebox; ++ label->len = dummy32; + defer_free(argp, kfree, label->data); + memcpy(label->data, buf, dummy32); + } diff --git a/queue-3.12/nfsd4-fix-xdr-decoding-of-large-non-write-compounds.patch b/queue-3.12/nfsd4-fix-xdr-decoding-of-large-non-write-compounds.patch new file mode 100644 index 00000000000..f02451c5bf9 --- /dev/null +++ b/queue-3.12/nfsd4-fix-xdr-decoding-of-large-non-write-compounds.patch @@ -0,0 +1,48 @@ +From 365da4adebb1c012febf81019ad3dc5bb52e2a13 Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Tue, 19 Nov 2013 17:32:43 -0500 +Subject: nfsd4: fix xdr decoding of large non-write compounds + +From: "J. Bruce Fields" + +commit 365da4adebb1c012febf81019ad3dc5bb52e2a13 upstream. + +This fixes a regression from 247500820ebd02ad87525db5d9b199e5b66f6636 +"nfsd4: fix decoding of compounds across page boundaries". The previous +code was correct: argp->pagelist is initialized in +nfs4svc_deocde_compoundargs to rqstp->rq_arg.pages, and is therefore a +pointer to the page *after* the page we are currently decoding. + +The reason that patch nevertheless fixed a problem with decoding +compounds containing write was a bug in the write decoding introduced by +5a80a54d21c96590d013378d8c5f65f879451ab4 "nfsd4: reorganize write +decoding", after which write decoding no longer adhered to the rule that +argp->pagelist point to the next page. + +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4xdr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -141,8 +141,8 @@ xdr_error: \ + + static void next_decode_page(struct nfsd4_compoundargs *argp) + { +- argp->pagelist++; + argp->p = page_address(argp->pagelist[0]); ++ argp->pagelist++; + if (argp->pagelen < PAGE_SIZE) { + argp->end = argp->p + (argp->pagelen>>2); + argp->pagelen = 0; +@@ -1209,6 +1209,7 @@ nfsd4_decode_write(struct nfsd4_compound + len -= pages * PAGE_SIZE; + + argp->p = (__be32 *)page_address(argp->pagelist[0]); ++ argp->pagelist++; + argp->end = argp->p + XDR_QUADLEN(PAGE_SIZE); + } + argp->p += XDR_QUADLEN(len); diff --git a/queue-3.12/nfsv4-don-t-fail-on-missing-fattr-in-open-recover.patch b/queue-3.12/nfsv4-don-t-fail-on-missing-fattr-in-open-recover.patch new file mode 100644 index 00000000000..997916a9e86 --- /dev/null +++ b/queue-3.12/nfsv4-don-t-fail-on-missing-fattr-in-open-recover.patch @@ -0,0 +1,35 @@ +From a43ec98b72aae3e330f0673438f58316c3769b84 Mon Sep 17 00:00:00 2001 +From: Weston Andros Adamson +Date: Mon, 21 Oct 2013 13:10:11 -0400 +Subject: NFSv4: don't fail on missing fattr in open recover + +From: Weston Andros Adamson + +commit a43ec98b72aae3e330f0673438f58316c3769b84 upstream. + +This is an unneeded check that could cause the client to fail to recover +opens. + +Signed-off-by: Weston Andros Adamson +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 6 ------ + 1 file changed, 6 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1323,12 +1323,6 @@ _nfs4_opendata_reclaim_to_nfs4_state(str + goto err; + } + +- ret = -ESTALE; +- if (!(data->f_attr.valid & NFS_ATTR_FATTR_TYPE) || +- !(data->f_attr.valid & NFS_ATTR_FATTR_FILEID) || +- !(data->f_attr.valid & NFS_ATTR_FATTR_CHANGE)) +- goto err; +- + ret = -ENOMEM; + state = nfs4_get_open_state(inode, data->owner); + if (state == NULL) diff --git a/queue-3.12/nfsv4-don-t-reprocess-cached-open-claim_previous.patch b/queue-3.12/nfsv4-don-t-reprocess-cached-open-claim_previous.patch new file mode 100644 index 00000000000..fba76943421 --- /dev/null +++ b/queue-3.12/nfsv4-don-t-reprocess-cached-open-claim_previous.patch @@ -0,0 +1,49 @@ +From d2bfda2e7aa036f90ccea610a657064b1e267913 Mon Sep 17 00:00:00 2001 +From: Weston Andros Adamson +Date: Mon, 21 Oct 2013 13:10:13 -0400 +Subject: NFSv4: don't reprocess cached open CLAIM_PREVIOUS + +From: Weston Andros Adamson + +commit d2bfda2e7aa036f90ccea610a657064b1e267913 upstream. + +Cached opens have already been handled by _nfs4_opendata_reclaim_to_nfs4_state +and can safely skip being reprocessed, but must still call update_open_stateid +to make sure that all active fmodes are recovered. + +Signed-off-by: Weston Andros Adamson +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1317,10 +1317,13 @@ _nfs4_opendata_reclaim_to_nfs4_state(str + struct nfs4_state *state = data->state; + int ret; + +- /* allow cached opens (!rpc_done && !rpc_status) */ +- if (!data->rpc_done && data->rpc_status) { +- ret = data->rpc_status; +- goto err; ++ if (!data->rpc_done) { ++ if (data->rpc_status) { ++ ret = data->rpc_status; ++ goto err; ++ } ++ /* cached opens have already been processed */ ++ goto update; + } + + ret = -ENOMEM; +@@ -1336,6 +1339,7 @@ _nfs4_opendata_reclaim_to_nfs4_state(str + + if (data->o_res.delegation_type != 0) + nfs4_opendata_check_deleg(data, state); ++update: + update_open_stateid(state, &data->o_res.stateid, NULL, + data->o_arg.fmode); + diff --git a/queue-3.12/nfsv4-fix-a-use-after-free-situation-in-_nfs4_proc_getlk.patch b/queue-3.12/nfsv4-fix-a-use-after-free-situation-in-_nfs4_proc_getlk.patch new file mode 100644 index 00000000000..34e0c0f3c37 --- /dev/null +++ b/queue-3.12/nfsv4-fix-a-use-after-free-situation-in-_nfs4_proc_getlk.patch @@ -0,0 +1,47 @@ +From a6f951ddbdfb7bd87d31a44f61abe202ed6ce57f Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Tue, 1 Oct 2013 14:24:58 -0400 +Subject: NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() + +From: Trond Myklebust + +commit a6f951ddbdfb7bd87d31a44f61abe202ed6ce57f upstream. + +In nfs4_proc_getlk(), when some error causes a retry of the call to +_nfs4_proc_getlk(), we can end up with Oopses of the form + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000134 + IP: [] _raw_spin_lock+0xe/0x30 + + Call Trace: + [] _atomic_dec_and_lock+0x4d/0x70 + [] nfs4_put_lock_state+0x32/0xb0 [nfsv4] + [] nfs4_fl_release_lock+0x15/0x20 [nfsv4] + [] _nfs4_proc_getlk.isra.40+0x146/0x170 [nfsv4] + [] nfs4_proc_lock+0x399/0x5a0 [nfsv4] + +The problem is that we don't clear the request->fl_ops after the first +try and so when we retry, nfs4_set_lock_state() exits early without +setting the lock stateid. +Regression introduced by commit 70cc6487a4e08b8698c0e2ec935fb48d10490162 +(locks: make ->lock release private data before returning in GETLK case) + +Reported-by: Weston Andros Adamson +Reported-by: Jorge Mora +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -5106,6 +5106,7 @@ static int _nfs4_proc_getlk(struct nfs4_ + status = 0; + } + request->fl_ops->fl_release_private(request); ++ request->fl_ops = NULL; + out: + return status; + } diff --git a/queue-3.12/nfsv4-fix-null-dereference-in-open-recover.patch b/queue-3.12/nfsv4-fix-null-dereference-in-open-recover.patch new file mode 100644 index 00000000000..5da0c8530be --- /dev/null +++ b/queue-3.12/nfsv4-fix-null-dereference-in-open-recover.patch @@ -0,0 +1,99 @@ +From f494a6071d31e3294a3b51ad7a3684f983953f9f Mon Sep 17 00:00:00 2001 +From: Weston Andros Adamson +Date: Mon, 21 Oct 2013 13:10:10 -0400 +Subject: NFSv4: fix NULL dereference in open recover + +From: Weston Andros Adamson + +commit f494a6071d31e3294a3b51ad7a3684f983953f9f upstream. + +_nfs4_opendata_reclaim_to_nfs4_state doesn't expect to see a cached +open CLAIM_PREVIOUS, but this can happen. An example is when there are +RDWR openers and RDONLY openers on a delegation stateid. The recovery +path will first try an open CLAIM_PREVIOUS for the RDWR openers, this +marks the delegation as not needing RECLAIM anymore, so the open +CLAIM_PREVIOUS for the RDONLY openers will not actually send an rpc. + +The NULL dereference is due to _nfs4_opendata_reclaim_to_nfs4_state +returning PTR_ERR(rpc_status) when !rpc_done. When the open is +cached, rpc_done == 0 and rpc_status == 0, thus +_nfs4_opendata_reclaim_to_nfs4_state returns NULL - this is unexpected +by callers of nfs4_opendata_to_nfs4_state(). + +This can be reproduced easily by opening the same file two times on an +NFSv4.0 mount with delegations enabled, once as RDWR and once as RDONLY then +sleeping for a long time. While the files are held open, kick off state +recovery and this NULL dereference will be hit every time. + +An example OOPS: + +[ 65.003602] BUG: unable to handle kernel NULL pointer dereference at 00000000 +00000030 +[ 65.005312] IP: [] __nfs4_close+0x1e/0x160 [nfsv4] +[ 65.006820] PGD 7b0ea067 PUD 791ff067 PMD 0 +[ 65.008075] Oops: 0000 [#1] SMP +[ 65.008802] Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache +snd_ens1371 gameport nfsd snd_rawmidi snd_ac97_codec ac97_bus btusb snd_seq snd +_seq_device snd_pcm ppdev bluetooth auth_rpcgss coretemp snd_page_alloc crc32_pc +lmul crc32c_intel ghash_clmulni_intel microcode rfkill nfs_acl vmw_balloon serio +_raw snd_timer lockd parport_pc e1000 snd soundcore parport i2c_piix4 shpchp vmw +_vmci sunrpc ata_generic mperf pata_acpi mptspi vmwgfx ttm scsi_transport_spi dr +m mptscsih mptbase i2c_core +[ 65.018684] CPU: 0 PID: 473 Comm: 192.168.10.85-m Not tainted 3.11.2-201.fc19 +.x86_64 #1 +[ 65.020113] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop +Reference Platform, BIOS 6.00 07/31/2013 +[ 65.022012] task: ffff88003707e320 ti: ffff88007b906000 task.ti: ffff88007b906000 +[ 65.023414] RIP: 0010:[] [] __nfs4_close+0x1e/0x160 [nfsv4] +[ 65.025079] RSP: 0018:ffff88007b907d10 EFLAGS: 00010246 +[ 65.026042] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 +[ 65.027321] RDX: 0000000000000050 RSI: 0000000000000001 RDI: 0000000000000000 +[ 65.028691] RBP: ffff88007b907d38 R08: 0000000000016f60 R09: 0000000000000000 +[ 65.029990] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 +[ 65.031295] R13: 0000000000000050 R14: 0000000000000000 R15: 0000000000000001 +[ 65.032527] FS: 0000000000000000(0000) GS:ffff88007f600000(0000) knlGS:0000000000000000 +[ 65.033981] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 65.035177] CR2: 0000000000000030 CR3: 000000007b27f000 CR4: 00000000000407f0 +[ 65.036568] Stack: +[ 65.037011] 0000000000000000 0000000000000001 ffff88007b907d90 ffff88007a880220 +[ 65.038472] ffff88007b768de8 ffff88007b907d48 ffffffffa037e4a5 ffff88007b907d80 +[ 65.039935] ffffffffa036a6c8 ffff880037020e40 ffff88007a880000 ffff880037020e40 +[ 65.041468] Call Trace: +[ 65.042050] [] nfs4_close_state+0x15/0x20 [nfsv4] +[ 65.043209] [] nfs4_open_recover_helper+0x148/0x1f0 [nfsv4] +[ 65.044529] [] nfs4_open_recover+0x116/0x150 [nfsv4] +[ 65.045730] [] nfs4_open_reclaim+0xad/0x150 [nfsv4] +[ 65.046905] [] nfs4_do_reclaim+0x149/0x5f0 [nfsv4] +[ 65.048071] [] nfs4_run_state_manager+0x3bc/0x670 [nfsv4] +[ 65.049436] [] ? nfs4_do_reclaim+0x5f0/0x5f0 [nfsv4] +[ 65.050686] [] ? nfs4_do_reclaim+0x5f0/0x5f0 [nfsv4] +[ 65.051943] [] kthread+0xc0/0xd0 +[ 65.052831] [] ? insert_kthread_work+0x40/0x40 +[ 65.054697] [] ret_from_fork+0x7c/0xb0 +[ 65.056396] [] ? insert_kthread_work+0x40/0x40 +[ 65.058208] Code: 5c 41 5d 5d c3 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 89 e5 41 57 41 89 f7 41 56 41 89 ce 41 55 41 89 d5 41 54 53 48 89 fb <4c> 8b 67 30 f0 41 ff 44 24 44 49 8d 7c 24 40 e8 0e 0a 2d e1 44 +[ 65.065225] RIP [] __nfs4_close+0x1e/0x160 [nfsv4] +[ 65.067175] RSP +[ 65.068570] CR2: 0000000000000030 +[ 65.070098] ---[ end trace 0d1fe4f5c7dd6f8b ]--- + +Signed-off-by: Weston Andros Adamson +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1317,7 +1317,8 @@ _nfs4_opendata_reclaim_to_nfs4_state(str + struct nfs4_state *state = data->state; + int ret; + +- if (!data->rpc_done) { ++ /* allow cached opens (!rpc_done && !rpc_status) */ ++ if (!data->rpc_done && data->rpc_status) { + ret = data->rpc_status; + goto err; + } diff --git a/queue-3.12/nfsv4-fix-state-reference-counting-in-_nfs4_opendata_reclaim_to_nfs4_state.patch b/queue-3.12/nfsv4-fix-state-reference-counting-in-_nfs4_opendata_reclaim_to_nfs4_state.patch new file mode 100644 index 00000000000..8a006341cca --- /dev/null +++ b/queue-3.12/nfsv4-fix-state-reference-counting-in-_nfs4_opendata_reclaim_to_nfs4_state.patch @@ -0,0 +1,45 @@ +From d49f042aeec99c5f87160bb52dd52088b1051311 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Mon, 28 Oct 2013 14:57:12 -0400 +Subject: NFSv4: Fix state reference counting in _nfs4_opendata_reclaim_to_nfs4_state + +From: Trond Myklebust + +commit d49f042aeec99c5f87160bb52dd52088b1051311 upstream. + +Currently, if the call to nfs_refresh_inode fails, then we end up leaking +a reference count, due to the call to nfs4_get_open_state. +While we're at it, replace nfs4_get_open_state with a simple call to +atomic_inc(); there is no need to do a full lookup of the struct nfs_state +since it is passed as an argument in the struct nfs4_opendata, and +is already assigned to the variable 'state'. + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1326,11 +1326,6 @@ _nfs4_opendata_reclaim_to_nfs4_state(str + goto update; + } + +- ret = -ENOMEM; +- state = nfs4_get_open_state(inode, data->owner); +- if (state == NULL) +- goto err; +- + ret = nfs_refresh_inode(inode, &data->f_attr); + if (ret) + goto err; +@@ -1342,6 +1337,7 @@ _nfs4_opendata_reclaim_to_nfs4_state(str + update: + update_open_stateid(state, &data->o_res.stateid, NULL, + data->o_arg.fmode); ++ atomic_inc(&state->count); + + return state; + err: diff --git a/queue-3.12/nfsv4.2-fix-a-mismatch-between-linux-labeled-nfs-and-the-nfsv4.2-spec.patch b/queue-3.12/nfsv4.2-fix-a-mismatch-between-linux-labeled-nfs-and-the-nfsv4.2-spec.patch new file mode 100644 index 00000000000..768476ba58a --- /dev/null +++ b/queue-3.12/nfsv4.2-fix-a-mismatch-between-linux-labeled-nfs-and-the-nfsv4.2-spec.patch @@ -0,0 +1,33 @@ +From f3f5a0f8cc40b942f4c0ae117df82eeb65f07d4d Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Mon, 4 Nov 2013 14:38:05 -0500 +Subject: NFSv4.2: Fix a mismatch between Linux labeled NFS and the NFSv4.2 spec + +From: Trond Myklebust + +commit f3f5a0f8cc40b942f4c0ae117df82eeb65f07d4d upstream. + +In the spec, the security label attribute id is '80', which means that +it should be bit number 80-64 == 16 in the 3rd word of the bitmap. + +Fixes: 4488cc96c581: NFS: Add NFSv4.2 protocol constants +Cc: J. Bruce Fields +Cc: Steve Dickson +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/nfs4.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/nfs4.h ++++ b/include/linux/nfs4.h +@@ -395,7 +395,7 @@ enum lock_type4 { + #define FATTR4_WORD1_FS_LAYOUT_TYPES (1UL << 30) + #define FATTR4_WORD2_LAYOUT_BLKSIZE (1UL << 1) + #define FATTR4_WORD2_MDSTHRESHOLD (1UL << 4) +-#define FATTR4_WORD2_SECURITY_LABEL (1UL << 17) ++#define FATTR4_WORD2_SECURITY_LABEL (1UL << 16) + + /* MDS threshold bitmap bits */ + #define THRESHOLD_RD (1UL << 0) diff --git a/queue-3.12/series b/queue-3.12/series index b37fbcd912e..95d351eb9fe 100644 --- a/queue-3.12/series +++ b/queue-3.12/series @@ -56,3 +56,18 @@ alsa-hda-fix-unbalanced-runtime-pm-notification-at-resume.patch alsa-hda-fix-the-headphone-jack-detection-on-sony-vaio-tx.patch alsa-hda-add-headset-quirk-for-dell-inspiron-3135.patch alsa-hda-provide-missing-pin-configs-for-vaio-with-alc260.patch +nfsv4.2-fix-a-mismatch-between-linux-labeled-nfs-and-the-nfsv4.2-spec.patch +nfsv4-fix-a-use-after-free-situation-in-_nfs4_proc_getlk.patch +nfsv4-fix-null-dereference-in-open-recover.patch +nfsv4-don-t-fail-on-missing-fattr-in-open-recover.patch +nfsv4-don-t-reprocess-cached-open-claim_previous.patch +nfsv4-fix-state-reference-counting-in-_nfs4_opendata_reclaim_to_nfs4_state.patch +nfs-fix-inverted-test-for-delegation-in-nfs4_reclaim_open_state.patch +nfs-fix-oops-when-trying-to-set-selinux-label.patch +nfs-fix-a-missing-initialisation-when-reading-the-selinux-label.patch +nfsd-return-better-errors-to-exportfs.patch +nfsd4-fix-discarded-security-labels-on-setattr.patch +nfs-don-t-retry-detect_trunking-with-rpc_auth_unix-more-than-once.patch +nfsd-split-up-nfsd_setattr.patch +nfsd-make-sure-to-balance-get-put_write_access.patch +nfsd4-fix-xdr-decoding-of-large-non-write-compounds.patch