From: Greg Kroah-Hartman Date: Sun, 2 Jul 2017 08:55:40 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v3.18.60~51 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=729893485827542e94aca267bbaff705661fa5b3;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: nfsv4-fix-a-reference-leak-caused-warning-messages.patch nfsv4.x-callback-create-the-callback-service-through-svc_create_pooled.patch --- diff --git a/queue-4.9/nfsv4-fix-a-reference-leak-caused-warning-messages.patch b/queue-4.9/nfsv4-fix-a-reference-leak-caused-warning-messages.patch new file mode 100644 index 00000000000..3165b678b6a --- /dev/null +++ b/queue-4.9/nfsv4-fix-a-reference-leak-caused-warning-messages.patch @@ -0,0 +1,72 @@ +From 366a1569bff3fe14abfdf9285e31e05e091745f5 Mon Sep 17 00:00:00 2001 +From: Kinglong Mee +Date: Mon, 6 Mar 2017 22:29:14 +0800 +Subject: NFSv4: fix a reference leak caused WARNING messages + +From: Kinglong Mee + +commit 366a1569bff3fe14abfdf9285e31e05e091745f5 upstream. + +Because nfs4_opendata_access() has close the state when access is denied, +so the state isn't leak. +Rather than revert the commit a974deee47, I'd like clean the strange state close. + +[ 1615.094218] ------------[ cut here ]------------ +[ 1615.094607] WARNING: CPU: 0 PID: 23702 at lib/list_debug.c:31 __list_add_valid+0x8e/0xa0 +[ 1615.094913] list_add double add: new=ffff9d7901d9f608, prev=ffff9d7901d9f608, next=ffff9d7901ee8dd0. +[ 1615.095458] Modules linked in: nfsv4(E) nfs(E) nfsd(E) tun bridge stp llc fuse ip_set nfnetlink vmw_vsock_vmci_transport vsock f2fs snd_seq_midi snd_seq_midi_event fscrypto coretemp ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_rapl_perf vmw_balloon snd_ens1371 joydev gameport snd_ac97_codec ac97_bus snd_seq snd_pcm snd_rawmidi snd_timer snd_seq_device snd soundcore nfit parport_pc parport acpi_cpufreq tpm_tis tpm_tis_core tpm i2c_piix4 vmw_vmci shpchp auth_rpcgss nfs_acl lockd(E) grace sunrpc(E) xfs libcrc32c vmwgfx drm_kms_helper ttm drm crc32c_intel mptspi e1000 serio_raw scsi_transport_spi mptscsih mptbase ata_generic pata_acpi fjes [last unloaded: nfs] +[ 1615.097663] CPU: 0 PID: 23702 Comm: fstest Tainted: G W E 4.11.0-rc1+ #517 +[ 1615.098015] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015 +[ 1615.098807] Call Trace: +[ 1615.099183] dump_stack+0x63/0x86 +[ 1615.099578] __warn+0xcb/0xf0 +[ 1615.099967] warn_slowpath_fmt+0x5f/0x80 +[ 1615.100370] __list_add_valid+0x8e/0xa0 +[ 1615.100760] nfs4_put_state_owner+0x75/0xc0 [nfsv4] +[ 1615.101136] __nfs4_close+0x109/0x140 [nfsv4] +[ 1615.101524] nfs4_close_state+0x15/0x20 [nfsv4] +[ 1615.101949] nfs4_close_context+0x21/0x30 [nfsv4] +[ 1615.102691] __put_nfs_open_context+0xb8/0x110 [nfs] +[ 1615.103155] put_nfs_open_context+0x10/0x20 [nfs] +[ 1615.103586] nfs4_file_open+0x13b/0x260 [nfsv4] +[ 1615.103978] do_dentry_open+0x20a/0x2f0 +[ 1615.104369] ? nfs4_copy_file_range+0x30/0x30 [nfsv4] +[ 1615.104739] vfs_open+0x4c/0x70 +[ 1615.105106] ? may_open+0x5a/0x100 +[ 1615.105469] path_openat+0x623/0x1420 +[ 1615.105823] do_filp_open+0x91/0x100 +[ 1615.106174] ? __alloc_fd+0x3f/0x170 +[ 1615.106568] do_sys_open+0x130/0x220 +[ 1615.106920] ? __put_cred+0x3d/0x50 +[ 1615.107256] SyS_open+0x1e/0x20 +[ 1615.107588] entry_SYSCALL_64_fastpath+0x1a/0xa9 +[ 1615.107922] RIP: 0033:0x7fab599069b0 +[ 1615.108247] RSP: 002b:00007ffcf0600d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 +[ 1615.108575] RAX: ffffffffffffffda RBX: 00007fab59bcfae0 RCX: 00007fab599069b0 +[ 1615.108896] RDX: 0000000000000200 RSI: 0000000000000200 RDI: 00007ffcf060255e +[ 1615.109211] RBP: 0000000000040010 R08: 0000000000000000 R09: 0000000000000016 +[ 1615.109515] R10: 00000000000006a1 R11: 0000000000000246 R12: 0000000000041000 +[ 1615.109806] R13: 0000000000040010 R14: 0000000000001000 R15: 0000000000002710 +[ 1615.110152] ---[ end trace 96ed63b1306bf2f3 ]--- + +Fixes: a974deee47 ("NFSv4: Fix memory and state leak in...") +Signed-off-by: Kinglong Mee +Signed-off-by: Anna Schumaker +Cc: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -2343,8 +2343,6 @@ static int nfs4_opendata_access(struct r + if ((mask & ~cache.mask & (MAY_READ | MAY_EXEC)) == 0) + return 0; + +- /* even though OPEN succeeded, access is denied. Close the file */ +- nfs4_close_state(state, fmode); + return -EACCES; + } + diff --git a/queue-4.9/nfsv4.x-callback-create-the-callback-service-through-svc_create_pooled.patch b/queue-4.9/nfsv4.x-callback-create-the-callback-service-through-svc_create_pooled.patch new file mode 100644 index 00000000000..fdf22cd5dc2 --- /dev/null +++ b/queue-4.9/nfsv4.x-callback-create-the-callback-service-through-svc_create_pooled.patch @@ -0,0 +1,82 @@ +From df807fffaabde625fa9adb82e3e5b88cdaa5709a Mon Sep 17 00:00:00 2001 +From: Kinglong Mee +Date: Thu, 27 Apr 2017 11:13:38 +0800 +Subject: NFSv4.x/callback: Create the callback service through svc_create_pooled + +From: Kinglong Mee + +commit df807fffaabde625fa9adb82e3e5b88cdaa5709a upstream. + +As the comments for svc_set_num_threads() said, +" Destroying threads relies on the service threads filling in +rqstp->rq_task, which only the nfs ones do. Assumes the serv +has been created using svc_create_pooled()." + +If creating service through svc_create(), the svc_pool_map_put() +will be called in svc_destroy(), but the pool map isn't used. +So that, the reference of pool map will be drop, the next using +of pool map will get a zero npools. + +[ 137.992130] divide error: 0000 [#1] SMP +[ 137.992148] Modules linked in: nfsd(E) nfsv4 nfs fscache fuse tun bridge stp llc ip_set nfnetlink vmw_vsock_vmci_transport vsock snd_seq_midi snd_seq_midi_event vmw_balloon coretemp crct10dif_pclmul crc32_pclmul ppdev ghash_clmulni_intel intel_rapl_perf joydev snd_ens1371 gameport snd_ac97_codec ac97_bus snd_seq snd_pcm snd_rawmidi snd_timer snd_seq_device snd soundcore parport_pc parport nfit acpi_cpufreq tpm_tis tpm_tis_core tpm vmw_vmci i2c_piix4 shpchp auth_rpcgss nfs_acl lockd(E) grace sunrpc(E) xfs libcrc32c vmwgfx drm_kms_helper ttm crc32c_intel drm e1000 mptspi scsi_transport_spi serio_raw mptscsih mptbase ata_generic pata_acpi [last unloaded: nfsd] +[ 137.992336] CPU: 0 PID: 4514 Comm: rpc.nfsd Tainted: G E 4.11.0-rc8+ #536 +[ 137.992777] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015 +[ 137.993757] task: ffff955984101d00 task.stack: ffff9873c2604000 +[ 137.994231] RIP: 0010:svc_pool_for_cpu+0x2b/0x80 [sunrpc] +[ 137.994768] RSP: 0018:ffff9873c2607c18 EFLAGS: 00010246 +[ 137.995227] RAX: 0000000000000000 RBX: ffff95598376f000 RCX: 0000000000000002 +[ 137.995673] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9559944aec00 +[ 137.996156] RBP: ffff9873c2607c18 R08: ffff9559944aec28 R09: 0000000000000000 +[ 137.996609] R10: 0000000001080002 R11: 0000000000000000 R12: ffff95598376f010 +[ 137.997063] R13: ffff95598376f018 R14: ffff9559944aec28 R15: ffff9559944aec00 +[ 137.997584] FS: 00007f755529eb40(0000) GS:ffff9559bb600000(0000) knlGS:0000000000000000 +[ 137.998048] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 137.998548] CR2: 000055f3aecd9660 CR3: 0000000084290000 CR4: 00000000001406f0 +[ 137.999052] Call Trace: +[ 137.999517] svc_xprt_do_enqueue+0xef/0x260 [sunrpc] +[ 138.000028] svc_xprt_received+0x47/0x90 [sunrpc] +[ 138.000487] svc_add_new_perm_xprt+0x76/0x90 [sunrpc] +[ 138.000981] svc_addsock+0x14b/0x200 [sunrpc] +[ 138.001424] ? recalc_sigpending+0x1b/0x50 +[ 138.001860] ? __getnstimeofday64+0x41/0xd0 +[ 138.002346] ? do_gettimeofday+0x29/0x90 +[ 138.002779] write_ports+0x255/0x2c0 [nfsd] +[ 138.003202] ? _copy_from_user+0x4e/0x80 +[ 138.003676] ? write_recoverydir+0x100/0x100 [nfsd] +[ 138.004098] nfsctl_transaction_write+0x48/0x80 [nfsd] +[ 138.004544] __vfs_write+0x37/0x160 +[ 138.004982] ? selinux_file_permission+0xd7/0x110 +[ 138.005401] ? security_file_permission+0x3b/0xc0 +[ 138.005865] vfs_write+0xb5/0x1a0 +[ 138.006267] SyS_write+0x55/0xc0 +[ 138.006654] entry_SYSCALL_64_fastpath+0x1a/0xa9 +[ 138.007071] RIP: 0033:0x7f7554b9dc30 +[ 138.007437] RSP: 002b:00007ffc9f92c788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 +[ 138.007807] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7554b9dc30 +[ 138.008168] RDX: 0000000000000002 RSI: 00005640cd536640 RDI: 0000000000000003 +[ 138.008573] RBP: 00007ffc9f92c780 R08: 0000000000000001 R09: 0000000000000002 +[ 138.008918] R10: 0000000000000064 R11: 0000000000000246 R12: 0000000000000004 +[ 138.009254] R13: 00005640cdbf77a0 R14: 00005640cdbf7720 R15: 00007ffc9f92c238 +[ 138.009610] Code: 0f 1f 44 00 00 48 8b 87 98 00 00 00 55 48 89 e5 48 83 78 08 00 74 10 8b 05 07 42 02 00 83 f8 01 74 40 83 f8 02 74 19 31 c0 31 d2 b7 88 00 00 00 5d 89 d0 48 c1 e0 07 48 03 87 90 00 00 00 c3 +[ 138.010664] RIP: svc_pool_for_cpu+0x2b/0x80 [sunrpc] RSP: ffff9873c2607c18 +[ 138.011061] ---[ end trace b3468224cafa7d11 ]--- + +Signed-off-by: Kinglong Mee +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/callback.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/callback.c ++++ b/fs/nfs/callback.c +@@ -279,7 +279,7 @@ static struct svc_serv *nfs_callback_cre + printk(KERN_WARNING "nfs_callback_create_svc: no kthread, %d users??\n", + cb_info->users); + +- serv = svc_create(&nfs4_callback_program, NFS4_CALLBACK_BUFSIZE, sv_ops); ++ serv = svc_create_pooled(&nfs4_callback_program, NFS4_CALLBACK_BUFSIZE, sv_ops); + if (!serv) { + printk(KERN_ERR "nfs_callback_create_svc: create service failed\n"); + return ERR_PTR(-ENOMEM); diff --git a/queue-4.9/series b/queue-4.9/series index 79db812ae14..7d8218b6713 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -25,3 +25,5 @@ ipv6-do-not-leak-throw-route-references.patch rtnetlink-add-ifla_group-to-ifla_policy.patch netfilter-xt_tcpmss-add-more-sanity-tests-on-tcph-doff.patch netfilter-synproxy-fix-conntrackd-interaction.patch +nfsv4-fix-a-reference-leak-caused-warning-messages.patch +nfsv4.x-callback-create-the-callback-service-through-svc_create_pooled.patch