From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 14 Oct 2012 10:35:57 +0000 (-0700)
Subject: 3.4-stable patches
X-Git-Tag: v3.0.47~42
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e00b1083cb0ab78b38388217dad036125cf51d01;p=thirdparty%2Fkernel%2Fstable-queue.git

3.4-stable patches

added patches:
	lockd-use-rpc-client-s-cl_nodename-for-id-encoding.patch
	nfsd4-fix-nfs4-stateid-leak.patch
	nfsd-pass-null-terminated-buf-to-kstrtouint.patch
---

diff --git a/queue-3.4/lockd-use-rpc-client-s-cl_nodename-for-id-encoding.patch b/queue-3.4/lockd-use-rpc-client-s-cl_nodename-for-id-encoding.patch
new file mode 100644
index 00000000000..af82d82a7af
--- /dev/null
+++ b/queue-3.4/lockd-use-rpc-client-s-cl_nodename-for-id-encoding.patch
@@ -0,0 +1,48 @@
+From 303a7ce92064c285a04c870f2dc0192fdb2968cb Mon Sep 17 00:00:00 2001
+From: Stanislav Kinsbursky <skinsbursky@parallels.com>
+Date: Tue, 18 Sep 2012 13:37:18 +0400
+Subject: lockd: use rpc client's cl_nodename for id encoding
+
+From: Stanislav Kinsbursky <skinsbursky@parallels.com>
+
+commit 303a7ce92064c285a04c870f2dc0192fdb2968cb upstream.
+
+Taking hostname from uts namespace if not safe, because this cuold be
+performind during umount operation on child reaper death. And in this case
+current->nsproxy is NULL already.
+
+Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/lockd/mon.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/lockd/mon.c
++++ b/fs/lockd/mon.c
+@@ -40,6 +40,7 @@ struct nsm_args {
+ 	u32			proc;
+ 
+ 	char			*mon_name;
++	char			*nodename;
+ };
+ 
+ struct nsm_res {
+@@ -94,6 +95,7 @@ static int nsm_mon_unmon(struct nsm_hand
+ 		.vers		= 3,
+ 		.proc		= NLMPROC_NSM_NOTIFY,
+ 		.mon_name	= nsm->sm_mon_name,
++		.nodename	= utsname()->nodename,
+ 	};
+ 	struct rpc_message msg = {
+ 		.rpc_argp	= &args,
+@@ -430,7 +432,7 @@ static void encode_my_id(struct xdr_stre
+ {
+ 	__be32 *p;
+ 
+-	encode_nsm_string(xdr, utsname()->nodename);
++	encode_nsm_string(xdr, argp->nodename);
+ 	p = xdr_reserve_space(xdr, 4 + 4 + 4);
+ 	*p++ = cpu_to_be32(argp->prog);
+ 	*p++ = cpu_to_be32(argp->vers);
diff --git a/queue-3.4/nfsd-pass-null-terminated-buf-to-kstrtouint.patch b/queue-3.4/nfsd-pass-null-terminated-buf-to-kstrtouint.patch
new file mode 100644
index 00000000000..7b7f16ac76c
--- /dev/null
+++ b/queue-3.4/nfsd-pass-null-terminated-buf-to-kstrtouint.patch
@@ -0,0 +1,31 @@
+From 9959ba0c241a71c7ed8133401cfbbee2720da0b5 Mon Sep 17 00:00:00 2001
+From: Malahal Naineni <malahal@us.ibm.com>
+Date: Sun, 9 Sep 2012 10:25:47 -0500
+Subject: NFSD: pass null terminated buf to kstrtouint()
+
+From: Malahal Naineni <malahal@us.ibm.com>
+
+commit 9959ba0c241a71c7ed8133401cfbbee2720da0b5 upstream.
+
+The 'buf' is prepared with null termination with intention of using it for
+this purpose, but 'name' is passed instead!
+
+Signed-off-by: Malahal Naineni <malahal@us.ibm.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4idmap.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4idmap.c
++++ b/fs/nfsd/nfs4idmap.c
+@@ -581,7 +581,7 @@ numeric_name_to_id(struct svc_rqst *rqst
+ 	/* Just to make sure it's null-terminated: */
+ 	memcpy(buf, name, namelen);
+ 	buf[namelen] = '\0';
+-	ret = kstrtouint(name, 10, id);
++	ret = kstrtouint(buf, 10, id);
+ 	return ret == 0;
+ }
+ 
diff --git a/queue-3.4/nfsd4-fix-nfs4-stateid-leak.patch b/queue-3.4/nfsd4-fix-nfs4-stateid-leak.patch
new file mode 100644
index 00000000000..f7377e82749
--- /dev/null
+++ b/queue-3.4/nfsd4-fix-nfs4-stateid-leak.patch
@@ -0,0 +1,33 @@
+From cf9182e90b2af04245ac4fae497fe73fc71285b4 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Wed, 29 Aug 2012 15:21:58 -0700
+Subject: nfsd4: fix nfs4 stateid leak
+
+From: "J. Bruce Fields" <bfields@redhat.com>
+
+commit cf9182e90b2af04245ac4fae497fe73fc71285b4 upstream.
+
+Processes that open and close multiple files may end up setting this
+oo_last_closed_stid without freeing what was previously pointed to.
+This can result in a major leak, visible for example by watching the
+nfsd4_stateids line of /proc/slabinfo.
+
+Reported-by: Cyril B. <cbay@excellency.fr>
+Tested-by: Cyril B. <cbay@excellency.fr>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4state.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -3783,6 +3783,7 @@ nfsd4_close(struct svc_rqst *rqstp, stru
+ 	memcpy(&close->cl_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
+ 
+ 	nfsd4_close_open_stateid(stp);
++	release_last_closed_stateid(oo);
+ 	oo->oo_last_closed_stid = stp;
+ 
+ 	/* place unused nfs4_stateowners on so_close_lru list to be
diff --git a/queue-3.4/series b/queue-3.4/series
index 886bbb89898..4b8fdd6503f 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -1 +1,4 @@
 arm-vfp-fix-saving-d16-d31-vfp-registers-on-v6-kernels.patch
+nfsd4-fix-nfs4-stateid-leak.patch
+nfsd-pass-null-terminated-buf-to-kstrtouint.patch
+lockd-use-rpc-client-s-cl_nodename-for-id-encoding.patch