From: Greg Kroah-Hartman Date: Sat, 2 May 2015 17:59:28 +0000 (+0200) Subject: 4.0-stable patches X-Git-Tag: v3.10.77~23 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d8223bada21897a1d7b31d2717a7ad640546c6cf;p=thirdparty%2Fkernel%2Fstable-queue.git 4.0-stable patches added patches: iommu-vt-d-allow-rmrr-on-graphics-devices-too.patch nfs-add-a-stub-for-getdevicelist.patch nfs-fix-dio-good-bytes-calculation.patch nfs-fix-high-load-average-due-to-callback-thread-sleeping.patch nfs-remove-warn_on_once-from-nfs_direct_good_bytes.patch nfsd-eliminate-nfsd_debug.patch nfsd-fix-nsfd-startup-race-triggering-bug_on.patch nfsd4-disallow-allocate-with-special-stateids.patch nfsd4-disallow-seek-with-special-stateids.patch nfsd4-fix-read-permission-checking.patch revert-nfs-replace-nfs_add_stats-with-nfs_inc_stats-when-add-one.patch sched-deadline-always-enqueue-on-previous-rq-when-dl_task_timer-fires.patch --- diff --git a/queue-4.0/iommu-vt-d-allow-rmrr-on-graphics-devices-too.patch b/queue-4.0/iommu-vt-d-allow-rmrr-on-graphics-devices-too.patch new file mode 100644 index 00000000000..1e23474ce06 --- /dev/null +++ b/queue-4.0/iommu-vt-d-allow-rmrr-on-graphics-devices-too.patch @@ -0,0 +1,63 @@ +From 18436afdc11a00ac881990b454cfb2eae81d6003 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Wed, 25 Mar 2015 15:05:47 +0000 +Subject: iommu/vt-d: Allow RMRR on graphics devices too + +From: David Woodhouse + +commit 18436afdc11a00ac881990b454cfb2eae81d6003 upstream. + +Commit c875d2c1 ("iommu/vt-d: Exclude devices using RMRRs from IOMMU API +domains") prevents certain options for devices with RMRRs. This even +prevents those devices from getting a 1:1 mapping with 'iommu=pt', +because we don't have the code to handle *preserving* the RMRR regions +when moving the device between domains. + +There's already an exclusion for USB devices, because we know the only +reason for RMRRs there is a misguided desire to keep legacy +keyboard/mouse emulation running in some theoretical OS which doesn't +have support for USB in its own right... but which *does* enable the +IOMMU. + +Add an exclusion for graphics devices too, so that 'iommu=pt' works +there. We should be able to successfully assign graphics devices to +guests too, as long as the initial handling of stolen memory is +reconfigured appropriately. This has certainly worked in the past. + +Signed-off-by: David Woodhouse +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iommu/intel-iommu.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/drivers/iommu/intel-iommu.c ++++ b/drivers/iommu/intel-iommu.c +@@ -50,6 +50,7 @@ + #define CONTEXT_SIZE VTD_PAGE_SIZE + + #define IS_GFX_DEVICE(pdev) ((pdev->class >> 16) == PCI_BASE_CLASS_DISPLAY) ++#define IS_USB_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB) + #define IS_ISA_DEVICE(pdev) ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA) + #define IS_AZALIA(pdev) ((pdev)->vendor == 0x8086 && (pdev)->device == 0x3a3e) + +@@ -2554,6 +2555,10 @@ static bool device_has_rmrr(struct devic + * In both cases we assume that PCI USB devices with RMRRs have them largely + * for historical reasons and that the RMRR space is not actively used post + * boot. This exclusion may change if vendors begin to abuse it. ++ * ++ * The same exception is made for graphics devices, with the requirement that ++ * any use of the RMRR regions will be torn down before assigning the device ++ * to a guest. + */ + static bool device_is_rmrr_locked(struct device *dev) + { +@@ -2563,7 +2568,7 @@ static bool device_is_rmrr_locked(struct + if (dev_is_pci(dev)) { + struct pci_dev *pdev = to_pci_dev(dev); + +- if ((pdev->class >> 8) == PCI_CLASS_SERIAL_USB) ++ if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) + return false; + } + diff --git a/queue-4.0/nfs-add-a-stub-for-getdevicelist.patch b/queue-4.0/nfs-add-a-stub-for-getdevicelist.patch new file mode 100644 index 00000000000..d96bdf51167 --- /dev/null +++ b/queue-4.0/nfs-add-a-stub-for-getdevicelist.patch @@ -0,0 +1,46 @@ +From 7c61f0d3897eeeff6f3294adb9f910ddefa8035a Mon Sep 17 00:00:00 2001 +From: Anna Schumaker +Date: Tue, 14 Apr 2015 10:34:20 -0400 +Subject: NFS: Add a stub for GETDEVICELIST + +From: Anna Schumaker + +commit 7c61f0d3897eeeff6f3294adb9f910ddefa8035a upstream. + +d4b18c3e (pnfs: remove GETDEVICELIST implementation) removed the +GETDEVICELIST operation from the NFS client, but left a "hole" in the +nfs4_procedures array. This caused /proc/self/mountstats to report an +operation named "51" where GETDEVICELIST used to be. This patch adds a +stub to fix mountstats. + +Signed-off-by: Anna Schumaker +Fixes: d4b18c3e (pnfs: remove GETDEVICELIST implementation) +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4xdr.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/nfs/nfs4xdr.c ++++ b/fs/nfs/nfs4xdr.c +@@ -7365,6 +7365,11 @@ nfs4_stat_to_errno(int stat) + .p_name = #proc, \ + } + ++#define STUB(proc) \ ++[NFSPROC4_CLNT_##proc] = { \ ++ .p_name = #proc, \ ++} ++ + struct rpc_procinfo nfs4_procedures[] = { + PROC(READ, enc_read, dec_read), + PROC(WRITE, enc_write, dec_write), +@@ -7417,6 +7422,7 @@ struct rpc_procinfo nfs4_procedures[] = + PROC(SECINFO_NO_NAME, enc_secinfo_no_name, dec_secinfo_no_name), + PROC(TEST_STATEID, enc_test_stateid, dec_test_stateid), + PROC(FREE_STATEID, enc_free_stateid, dec_free_stateid), ++ STUB(GETDEVICELIST), + PROC(BIND_CONN_TO_SESSION, + enc_bind_conn_to_session, dec_bind_conn_to_session), + PROC(DESTROY_CLIENTID, enc_destroy_clientid, dec_destroy_clientid), diff --git a/queue-4.0/nfs-fix-dio-good-bytes-calculation.patch b/queue-4.0/nfs-fix-dio-good-bytes-calculation.patch new file mode 100644 index 00000000000..f7706a8a03a --- /dev/null +++ b/queue-4.0/nfs-fix-dio-good-bytes-calculation.patch @@ -0,0 +1,67 @@ +From 1ccbad9f9f9bd36db26a10f0b17fbaf12b3ae93a Mon Sep 17 00:00:00 2001 +From: Peng Tao +Date: Thu, 9 Apr 2015 23:02:16 +0800 +Subject: nfs: fix DIO good bytes calculation + +From: Peng Tao + +commit 1ccbad9f9f9bd36db26a10f0b17fbaf12b3ae93a upstream. + +For direct read that has IO size larger than rsize, we'll split +it into several READ requests and nfs_direct_good_bytes() would +count completed bytes incorrectly by eating last zero count reply. + +Fix it by handling mirror and non-mirror cases differently such that +we only count mirrored writes differently. + +This fixes 5fadeb47("nfs: count DIO good bytes correctly with mirroring"). + +Reported-by: Jean Spector +Signed-off-by: Peng Tao +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/direct.c | 29 +++++++++++++++++------------ + 1 file changed, 17 insertions(+), 12 deletions(-) + +--- a/fs/nfs/direct.c ++++ b/fs/nfs/direct.c +@@ -131,20 +131,25 @@ nfs_direct_good_bytes(struct nfs_direct_ + + WARN_ON_ONCE(hdr->pgio_mirror_idx >= dreq->mirror_count); + +- count = dreq->mirrors[hdr->pgio_mirror_idx].count; +- if (count + dreq->io_start < hdr->io_start + hdr->good_bytes) { +- count = hdr->io_start + hdr->good_bytes - dreq->io_start; +- dreq->mirrors[hdr->pgio_mirror_idx].count = count; +- } +- +- /* update the dreq->count by finding the minimum agreed count from all +- * mirrors */ +- count = dreq->mirrors[0].count; ++ if (dreq->mirror_count == 1) { ++ dreq->mirrors[hdr->pgio_mirror_idx].count += hdr->good_bytes; ++ dreq->count += hdr->good_bytes; ++ } else { ++ /* mirrored writes */ ++ count = dreq->mirrors[hdr->pgio_mirror_idx].count; ++ if (count + dreq->io_start < hdr->io_start + hdr->good_bytes) { ++ count = hdr->io_start + hdr->good_bytes - dreq->io_start; ++ dreq->mirrors[hdr->pgio_mirror_idx].count = count; ++ } ++ /* update the dreq->count by finding the minimum agreed count from all ++ * mirrors */ ++ count = dreq->mirrors[0].count; + +- for (i = 1; i < dreq->mirror_count; i++) +- count = min(count, dreq->mirrors[i].count); ++ for (i = 1; i < dreq->mirror_count; i++) ++ count = min(count, dreq->mirrors[i].count); + +- dreq->count = count; ++ dreq->count = count; ++ } + } + + /* diff --git a/queue-4.0/nfs-fix-high-load-average-due-to-callback-thread-sleeping.patch b/queue-4.0/nfs-fix-high-load-average-due-to-callback-thread-sleeping.patch new file mode 100644 index 00000000000..505518484e3 --- /dev/null +++ b/queue-4.0/nfs-fix-high-load-average-due-to-callback-thread-sleeping.patch @@ -0,0 +1,62 @@ +From 5d05e54af3cdbb13cf19c557ff2184781b91a22c Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Fri, 20 Mar 2015 15:15:14 -0400 +Subject: nfs: fix high load average due to callback thread sleeping +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jeff Layton + +commit 5d05e54af3cdbb13cf19c557ff2184781b91a22c upstream. + +Chuck pointed out a problem that crept in with commit 6ffa30d3f734 (nfs: +don't call blocking operations while !TASK_RUNNING). Linux counts tasks +in uninterruptible sleep against the load average, so this caused the +system's load average to be pinned at at least 1 when there was a +NFSv4.1+ mount active. + +Not a huge problem, but it's probably worth fixing before we get too +many complaints about it. This patch converts the code back to use +TASK_INTERRUPTIBLE sleep, simply has it flush any signals on each loop +iteration. In practice no one should really be signalling this thread at +all, so I think this is reasonably safe. + +With this change, there's also no need to game the hung task watchdog so +we can also convert the schedule_timeout call back to a normal schedule. + +Reported-by: Chuck Lever +Signed-off-by: Jeff Layton +Tested-by: Chuck Lever +Fixes: commit 6ffa30d3f734 (“nfs: don't call blocking . . .”) +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/callback.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/fs/nfs/callback.c ++++ b/fs/nfs/callback.c +@@ -128,7 +128,7 @@ nfs41_callback_svc(void *vrqstp) + if (try_to_freeze()) + continue; + +- prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_UNINTERRUPTIBLE); ++ prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE); + spin_lock_bh(&serv->sv_cb_lock); + if (!list_empty(&serv->sv_cb_list)) { + req = list_first_entry(&serv->sv_cb_list, +@@ -142,10 +142,10 @@ nfs41_callback_svc(void *vrqstp) + error); + } else { + spin_unlock_bh(&serv->sv_cb_lock); +- /* schedule_timeout to game the hung task watchdog */ +- schedule_timeout(60 * HZ); ++ schedule(); + finish_wait(&serv->sv_cb_waitq, &wq); + } ++ flush_signals(current); + } + return 0; + } diff --git a/queue-4.0/nfs-remove-warn_on_once-from-nfs_direct_good_bytes.patch b/queue-4.0/nfs-remove-warn_on_once-from-nfs_direct_good_bytes.patch new file mode 100644 index 00000000000..c0d4692dc58 --- /dev/null +++ b/queue-4.0/nfs-remove-warn_on_once-from-nfs_direct_good_bytes.patch @@ -0,0 +1,33 @@ +From 05f54903d9d370a4cd302a85681304d3ec59e5c1 Mon Sep 17 00:00:00 2001 +From: Peng Tao +Date: Thu, 9 Apr 2015 23:02:17 +0800 +Subject: nfs: remove WARN_ON_ONCE from nfs_direct_good_bytes + +From: Peng Tao + +commit 05f54903d9d370a4cd302a85681304d3ec59e5c1 upstream. + +For flexfiles driver, we might choose to read from mirror index other +than 0 while mirror_count is always 1 for read. + +Reported-by: Jean Spector +Cc: Weston Andros Adamson +Signed-off-by: Peng Tao +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/direct.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/fs/nfs/direct.c ++++ b/fs/nfs/direct.c +@@ -129,8 +129,6 @@ nfs_direct_good_bytes(struct nfs_direct_ + int i; + ssize_t count; + +- WARN_ON_ONCE(hdr->pgio_mirror_idx >= dreq->mirror_count); +- + if (dreq->mirror_count == 1) { + dreq->mirrors[hdr->pgio_mirror_idx].count += hdr->good_bytes; + dreq->count += hdr->good_bytes; diff --git a/queue-4.0/nfsd-eliminate-nfsd_debug.patch b/queue-4.0/nfsd-eliminate-nfsd_debug.patch new file mode 100644 index 00000000000..fda3dabe126 --- /dev/null +++ b/queue-4.0/nfsd-eliminate-nfsd_debug.patch @@ -0,0 +1,83 @@ +From 135dd002c23054aaa056ea3162c1e0356905c195 Mon Sep 17 00:00:00 2001 +From: Mark Salter +Date: Mon, 6 Apr 2015 09:46:00 -0400 +Subject: nfsd: eliminate NFSD_DEBUG + +From: Mark Salter + +commit 135dd002c23054aaa056ea3162c1e0356905c195 upstream. + +Commit f895b252d4edf ("sunrpc: eliminate RPC_DEBUG") introduced +use of IS_ENABLED() in a uapi header which leads to a build +failure for userspace apps trying to use : + + linux/nfsd/debug.h:18:15: error: missing binary operator before token "(" + #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) + ^ + +Since this was only used to define NFSD_DEBUG if CONFIG_SUNRPC_DEBUG +is enabled, replace instances of NFSD_DEBUG with CONFIG_SUNRPC_DEBUG. + +Fixes: f895b252d4edf "sunrpc: eliminate RPC_DEBUG" +Signed-off-by: Mark Salter +Reviewed-by: Jeff Layton +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/lockd/svcsubs.c | 2 +- + fs/nfsd/nfs4state.c | 2 +- + fs/nfsd/nfsd.h | 2 +- + include/uapi/linux/nfsd/debug.h | 8 -------- + 4 files changed, 3 insertions(+), 11 deletions(-) + +--- a/fs/lockd/svcsubs.c ++++ b/fs/lockd/svcsubs.c +@@ -31,7 +31,7 @@ + static struct hlist_head nlm_files[FILE_NRHASH]; + static DEFINE_MUTEX(nlm_file_mutex); + +-#ifdef NFSD_DEBUG ++#ifdef CONFIG_SUNRPC_DEBUG + static inline void nlm_debug_print_fh(char *msg, struct nfs_fh *f) + { + u32 *fhp = (u32*)f->data; +--- a/fs/nfsd/nfs4state.c ++++ b/fs/nfsd/nfs4state.c +@@ -1139,7 +1139,7 @@ hash_sessionid(struct nfs4_sessionid *se + return sid->sequence % SESSION_HASH_SIZE; + } + +-#ifdef NFSD_DEBUG ++#ifdef CONFIG_SUNRPC_DEBUG + static inline void + dump_sessionid(const char *fn, struct nfs4_sessionid *sessionid) + { +--- a/fs/nfsd/nfsd.h ++++ b/fs/nfsd/nfsd.h +@@ -24,7 +24,7 @@ + #include "export.h" + + #undef ifdebug +-#ifdef NFSD_DEBUG ++#ifdef CONFIG_SUNRPC_DEBUG + # define ifdebug(flag) if (nfsd_debug & NFSDDBG_##flag) + #else + # define ifdebug(flag) if (0) +--- a/include/uapi/linux/nfsd/debug.h ++++ b/include/uapi/linux/nfsd/debug.h +@@ -12,14 +12,6 @@ + #include + + /* +- * Enable debugging for nfsd. +- * Requires RPC_DEBUG. +- */ +-#if IS_ENABLED(CONFIG_SUNRPC_DEBUG) +-# define NFSD_DEBUG 1 +-#endif +- +-/* + * knfsd debug flags + */ + #define NFSDDBG_SOCK 0x0001 diff --git a/queue-4.0/nfsd-fix-nsfd-startup-race-triggering-bug_on.patch b/queue-4.0/nfsd-fix-nsfd-startup-race-triggering-bug_on.patch new file mode 100644 index 00000000000..36c5d2870b5 --- /dev/null +++ b/queue-4.0/nfsd-fix-nsfd-startup-race-triggering-bug_on.patch @@ -0,0 +1,88 @@ +From bb7ffbf29e76b89a86ca4c3ee0d4690641f2f772 Mon Sep 17 00:00:00 2001 +From: Giuseppe Cantavenera +Date: Mon, 20 Apr 2015 18:00:08 +0200 +Subject: nfsd: fix nsfd startup race triggering BUG_ON + +From: Giuseppe Cantavenera + +commit bb7ffbf29e76b89a86ca4c3ee0d4690641f2f772 upstream. + +nfsd triggered a BUG_ON in net_generic(...) when rpc_pipefs_event(...) +in fs/nfsd/nfs4recover.c was called before assigning ntfsd_net_id. +The following was observed on a MIPS 32-core processor: +kernel: Call Trace: +kernel: [] rpc_pipefs_event+0x7c/0x158 [nfsd] +kernel: [] notifier_call_chain+0x70/0xb8 +kernel: [] __blocking_notifier_call_chain+0x4c/0x70 +kernel: [] rpc_fill_super+0xf8/0x1a0 +kernel: [] mount_ns+0xb4/0xf0 +kernel: [] mount_fs+0x50/0x1f8 +kernel: [] vfs_kern_mount+0x58/0xf0 +kernel: [] do_mount+0x27c/0xa28 +kernel: [] SyS_mount+0x98/0xe8 +kernel: [] handle_sys64+0x44/0x68 +kernel: +kernel: + Code: 0040f809 00000000 2e020001 <00020336> 3c12c00d + 3c02801a de100000 6442eb98 0040f809 +kernel: ---[ end trace 7471374335809536 ]--- + +Fixed this behaviour by calling register_pernet_subsys(&nfsd_net_ops) before +registering rpc_pipefs_event(...) with the notifier chain. + +Signed-off-by: Giuseppe Cantavenera +Signed-off-by: Lorenzo Restelli +Reviewed-by: Kinlong Mee +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfsctl.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/fs/nfsd/nfsctl.c ++++ b/fs/nfsd/nfsctl.c +@@ -1250,15 +1250,15 @@ static int __init init_nfsd(void) + int retval; + printk(KERN_INFO "Installing knfsd (copyright (C) 1996 okir@monad.swb.de).\n"); + +- retval = register_cld_notifier(); +- if (retval) +- return retval; + retval = register_pernet_subsys(&nfsd_net_ops); + if (retval < 0) +- goto out_unregister_notifier; +- retval = nfsd4_init_slabs(); ++ return retval; ++ retval = register_cld_notifier(); + if (retval) + goto out_unregister_pernet; ++ retval = nfsd4_init_slabs(); ++ if (retval) ++ goto out_unregister_notifier; + retval = nfsd4_init_pnfs(); + if (retval) + goto out_free_slabs; +@@ -1290,10 +1290,10 @@ out_exit_pnfs: + nfsd4_exit_pnfs(); + out_free_slabs: + nfsd4_free_slabs(); +-out_unregister_pernet: +- unregister_pernet_subsys(&nfsd_net_ops); + out_unregister_notifier: + unregister_cld_notifier(); ++out_unregister_pernet: ++ unregister_pernet_subsys(&nfsd_net_ops); + return retval; + } + +@@ -1308,8 +1308,8 @@ static void __exit exit_nfsd(void) + nfsd4_exit_pnfs(); + nfsd_fault_inject_cleanup(); + unregister_filesystem(&nfsd_fs_type); +- unregister_pernet_subsys(&nfsd_net_ops); + unregister_cld_notifier(); ++ unregister_pernet_subsys(&nfsd_net_ops); + } + + MODULE_AUTHOR("Olaf Kirch "); diff --git a/queue-4.0/nfsd4-disallow-allocate-with-special-stateids.patch b/queue-4.0/nfsd4-disallow-allocate-with-special-stateids.patch new file mode 100644 index 00000000000..9aa09670f7e --- /dev/null +++ b/queue-4.0/nfsd4-disallow-allocate-with-special-stateids.patch @@ -0,0 +1,38 @@ +From 5ba4a25ab7b13be528b23f85182f4d09cf7f71ad Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Fri, 3 Apr 2015 16:24:27 -0400 +Subject: nfsd4: disallow ALLOCATE with special stateids + +From: "J. Bruce Fields" + +commit 5ba4a25ab7b13be528b23f85182f4d09cf7f71ad upstream. + +vfs_fallocate will hit a NULL dereference if the client tries an +ALLOCATE or DEALLOCATE with a special stateid. Fix that. (We also +depend on the open to have broken any conflicting leases or delegations +for us.) + +(If it turns out we need to allow special stateid's then we could do a +temporary open here in the special-stateid case, as we do for read and +write. For now I'm assuming it's not necessary.) + +Fixes: 95d871f03cae "nfsd: Add ALLOCATE support" +Cc: Anna Schumaker +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4proc.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -1030,6 +1030,8 @@ nfsd4_fallocate(struct svc_rqst *rqstp, + dprintk("NFSD: nfsd4_fallocate: couldn't process stateid!\n"); + return status; + } ++ if (!file) ++ return nfserr_bad_stateid; + + status = nfsd4_vfs_fallocate(rqstp, &cstate->current_fh, file, + fallocate->falloc_offset, diff --git a/queue-4.0/nfsd4-disallow-seek-with-special-stateids.patch b/queue-4.0/nfsd4-disallow-seek-with-special-stateids.patch new file mode 100644 index 00000000000..b4cbe70f64f --- /dev/null +++ b/queue-4.0/nfsd4-disallow-seek-with-special-stateids.patch @@ -0,0 +1,33 @@ +From 980608fb50aea34993ba956b71cd4602aa42b14b Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Tue, 21 Apr 2015 15:25:39 -0400 +Subject: nfsd4: disallow SEEK with special stateids + +From: "J. Bruce Fields" + +commit 980608fb50aea34993ba956b71cd4602aa42b14b upstream. + +If the client uses a special stateid then we'll pass a NULL file to +vfs_llseek. + +Fixes: 24bab491220f " NFSD: Implement SEEK" +Cc: Anna Schumaker +Reported-by: Christoph Hellwig +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4proc.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -1071,6 +1071,8 @@ nfsd4_seek(struct svc_rqst *rqstp, struc + dprintk("NFSD: nfsd4_seek: couldn't process stateid!\n"); + return status; + } ++ if (!file) ++ return nfserr_bad_stateid; + + switch (seek->seek_whence) { + case NFS4_CONTENT_DATA: diff --git a/queue-4.0/nfsd4-fix-read-permission-checking.patch b/queue-4.0/nfsd4-fix-read-permission-checking.patch new file mode 100644 index 00000000000..3440cf71a57 --- /dev/null +++ b/queue-4.0/nfsd4-fix-read-permission-checking.patch @@ -0,0 +1,52 @@ +From 6e4891dc289cd191d46ab7ba1dcb29646644f9ca Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Fri, 3 Apr 2015 17:19:41 -0400 +Subject: nfsd4: fix READ permission checking + +From: "J. Bruce Fields" + +commit 6e4891dc289cd191d46ab7ba1dcb29646644f9ca upstream. + +In the case we already have a struct file (derived from a stateid), we +still need to do permission-checking; otherwise an unauthorized user +could gain access to a file by sniffing or guessing somebody else's +stateid. + +Fixes: dc97618ddda9 "nfsd4: separate splice and readv cases" +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4xdr.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -3422,6 +3422,7 @@ nfsd4_encode_read(struct nfsd4_compoundr + unsigned long maxcount; + struct xdr_stream *xdr = &resp->xdr; + struct file *file = read->rd_filp; ++ struct svc_fh *fhp = read->rd_fhp; + int starting_len = xdr->buf->len; + struct raparms *ra; + __be32 *p; +@@ -3445,12 +3446,15 @@ nfsd4_encode_read(struct nfsd4_compoundr + maxcount = min_t(unsigned long, maxcount, (xdr->buf->buflen - xdr->buf->len)); + maxcount = min_t(unsigned long, maxcount, read->rd_length); + +- if (!read->rd_filp) { ++ if (read->rd_filp) ++ err = nfsd_permission(resp->rqstp, fhp->fh_export, ++ fhp->fh_dentry, ++ NFSD_MAY_READ|NFSD_MAY_OWNER_OVERRIDE); ++ else + err = nfsd_get_tmp_read_open(resp->rqstp, read->rd_fhp, + &file, &ra); +- if (err) +- goto err_truncate; +- } ++ if (err) ++ goto err_truncate; + + if (file->f_op->splice_read && test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags)) + err = nfsd4_encode_splice_read(resp, read, file, maxcount); diff --git a/queue-4.0/revert-nfs-replace-nfs_add_stats-with-nfs_inc_stats-when-add-one.patch b/queue-4.0/revert-nfs-replace-nfs_add_stats-with-nfs_inc_stats-when-add-one.patch new file mode 100644 index 00000000000..9688bd37bc1 --- /dev/null +++ b/queue-4.0/revert-nfs-replace-nfs_add_stats-with-nfs_inc_stats-when-add-one.patch @@ -0,0 +1,54 @@ +From 3708f842e107b9b79d54a75d152e666b693649e8 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Thu, 16 Apr 2015 18:48:39 +0800 +Subject: Revert "nfs: replace nfs_add_stats with nfs_inc_stats when add one" + +From: Nicolas Iooss + +commit 3708f842e107b9b79d54a75d152e666b693649e8 upstream. + +This reverts commit 5a254d08b086d80cbead2ebcee6d2a4b3a15587a. + +Since commit 5a254d08b086 ("nfs: replace nfs_add_stats with +nfs_inc_stats when add one"), nfs_readpage and nfs_do_writepage use +nfs_inc_stats to increment NFSIOS_READPAGES and NFSIOS_WRITEPAGES +instead of nfs_add_stats. + +However nfs_inc_stats does not do the same thing as nfs_add_stats with +value 1 because these functions work on distinct stats: +nfs_inc_stats increments stats from "enum nfs_stat_eventcounters" (in +server->io_stats->events) and nfs_add_stats those from "enum +nfs_stat_bytecounters" (in server->io_stats->bytes). + +Signed-off-by: Nicolas Iooss +Fixes: 5a254d08b086 ("nfs: replace nfs_add_stats with nfs_inc_stats...") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/read.c | 2 +- + fs/nfs/write.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/nfs/read.c ++++ b/fs/nfs/read.c +@@ -284,7 +284,7 @@ int nfs_readpage(struct file *file, stru + dprintk("NFS: nfs_readpage (%p %ld@%lu)\n", + page, PAGE_CACHE_SIZE, page_file_index(page)); + nfs_inc_stats(inode, NFSIOS_VFSREADPAGE); +- nfs_inc_stats(inode, NFSIOS_READPAGES); ++ nfs_add_stats(inode, NFSIOS_READPAGES, 1); + + /* + * Try to flush any pending writes to the file.. +--- a/fs/nfs/write.c ++++ b/fs/nfs/write.c +@@ -580,7 +580,7 @@ static int nfs_do_writepage(struct page + int ret; + + nfs_inc_stats(inode, NFSIOS_VFSWRITEPAGE); +- nfs_inc_stats(inode, NFSIOS_WRITEPAGES); ++ nfs_add_stats(inode, NFSIOS_WRITEPAGES, 1); + + nfs_pageio_cond_complete(pgio, page_file_index(page)); + ret = nfs_page_async_flush(pgio, page, wbc->sync_mode == WB_SYNC_NONE); diff --git a/queue-4.0/sched-deadline-always-enqueue-on-previous-rq-when-dl_task_timer-fires.patch b/queue-4.0/sched-deadline-always-enqueue-on-previous-rq-when-dl_task_timer-fires.patch new file mode 100644 index 00000000000..5419dffa800 --- /dev/null +++ b/queue-4.0/sched-deadline-always-enqueue-on-previous-rq-when-dl_task_timer-fires.patch @@ -0,0 +1,54 @@ +From 4cd57f97135840f637431c92380c8da3edbe44ed Mon Sep 17 00:00:00 2001 +From: Juri Lelli +Date: Tue, 31 Mar 2015 09:53:36 +0100 +Subject: sched/deadline: Always enqueue on previous rq when dl_task_timer() fires + +From: Juri Lelli + +commit 4cd57f97135840f637431c92380c8da3edbe44ed upstream. + +dl_task_timer() may fire on a different rq from where a task was removed +after throttling. Since the call path is: + + dl_task_timer() -> + enqueue_task_dl() -> + enqueue_dl_entity() -> + replenish_dl_entity() + +and replenish_dl_entity() uses dl_se's rq, we can't use current's rq +in dl_task_timer(), but we need to lock the task's previous one. + +Tested-by: Wanpeng Li +Signed-off-by: Juri Lelli +Signed-off-by: Peter Zijlstra (Intel) +Acked-by: Kirill Tkhai +Cc: Juri Lelli +Fixes: 3960c8c0c789 ("sched: Make dl_task_time() use task_rq_lock()") +Link: http://lkml.kernel.org/r/1427792017-7356-1-git-send-email-juri.lelli@arm.com +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/sched/deadline.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/sched/deadline.c ++++ b/kernel/sched/deadline.c +@@ -514,7 +514,7 @@ static enum hrtimer_restart dl_task_time + unsigned long flags; + struct rq *rq; + +- rq = task_rq_lock(current, &flags); ++ rq = task_rq_lock(p, &flags); + + /* + * We need to take care of several possible races here: +@@ -569,7 +569,7 @@ static enum hrtimer_restart dl_task_time + push_dl_task(rq); + #endif + unlock: +- task_rq_unlock(rq, current, &flags); ++ task_rq_unlock(rq, p, &flags); + + return HRTIMER_NORESTART; + } diff --git a/queue-4.0/series b/queue-4.0/series index fd7cb737dd4..c8bacbe5065 100644 --- a/queue-4.0/series +++ b/queue-4.0/series @@ -194,3 +194,15 @@ drm-adv7511-fix-nested-sleep-when-reading-edid.patch drm-i915-vlv-fix-save-restore-of-gfx_max_req_count-reg.patch drm-i915-cope-with-large-i2c-transfers.patch rcu-pathwalk-breakage-when-running-into-a-symlink-overmounting-something.patch +revert-nfs-replace-nfs_add_stats-with-nfs_inc_stats-when-add-one.patch +nfsd4-disallow-allocate-with-special-stateids.patch +nfsd4-fix-read-permission-checking.patch +nfsd4-disallow-seek-with-special-stateids.patch +nfsd-eliminate-nfsd_debug.patch +nfsd-fix-nsfd-startup-race-triggering-bug_on.patch +nfs-fix-high-load-average-due-to-callback-thread-sleeping.patch +nfs-fix-dio-good-bytes-calculation.patch +nfs-remove-warn_on_once-from-nfs_direct_good_bytes.patch +nfs-add-a-stub-for-getdevicelist.patch +iommu-vt-d-allow-rmrr-on-graphics-devices-too.patch +sched-deadline-always-enqueue-on-previous-rq-when-dl_task_timer-fires.patch