From: Greg Kroah-Hartman Date: Sat, 26 Sep 2015 03:55:44 +0000 (-0700) Subject: 3.14-stable patches X-Git-Tag: v4.1.9~31 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ef87dfb9b8bc50abcbc54c48a296b728fa4fd1e1;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch nfs-nfs_set_pgio_error-sometimes-misses-errors.patch sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch
---
diff --git a/queue-3.14/nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch b/queue-3.14/nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch
new file mode 100644
index 00000000000..55a67708856
--- /dev/null
+++ b/queue-3.14/nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch
@@ -0,0 +1,82 @@
+From 18e3b739fdc826481c6a1335ce0c5b19b3d415da Mon Sep 17 00:00:00 2001
+From: Kinglong Mee
+Date: Sat, 15 Aug 2015 21:52:10 +0800
+Subject: NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client
+
+From: Kinglong Mee
+
+commit 18e3b739fdc826481c6a1335ce0c5b19b3d415da upstream.
+
+---Steps to Reproduce--
+
+# cat /etc/exports
+/nfs/referal *(rw,insecure,no_subtree_check,no_root_squash,crossmnt)
+/nfs/old *(ro,insecure,subtree_check,root_squash,crossmnt)
+
+
+# mount -t nfs nfs-server:/nfs/ /mnt/
+# ll /mnt/*/
+
+
+# cat /etc/exports
+/nfs/referal *(rw,insecure,no_subtree_check,no_root_squash,crossmnt,refer=/nfs/old/@nfs-server)
+/nfs/old *(ro,insecure,subtree_check,root_squash,crossmnt)
+# service nfs restart
+
+
+# ll /mnt/*/ --->>>>> oops here
+
+[ 5123.102925] BUG: unable to handle kernel NULL pointer dereference at (null)
+[ 5123.103363] IP: [] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
+[ 5123.103752] PGD 587b9067 PUD 3cbf5067 PMD 0
+[ 5123.104131] Oops: 0000 [#1]
+[ 5123.104529] Modules linked in: nfsv4(OE) nfs(OE) fscache(E) nfsd(OE) xfs libcrc32c iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ppdev vmw_balloon parport_pc parport i2c_piix4 shpchp auth_rpcgss nfs_acl vmw_vmci lockd grace sunrpc vmwgfx drm_kms_helper ttm drm mptspi serio_raw scsi_transport_spi e1000 mptscsih mptbase ata_generic pata_acpi [last unloaded: nfsd]
+[ 5123.105887] CPU: 0 PID: 15853 Comm: ::1-manager Tainted: G OE 4.2.0-rc6+ #214
+[ 5123.106358] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
+[ 5123.106860] task: ffff88007620f300 ti: ffff88005877c000 task.ti: ffff88005877c000
+[ 5123.107363] RIP: 0010:[] [] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
+[ 5123.107909] RSP: 0018:ffff88005877fdb8 EFLAGS: 00010246
+[ 5123.108435] RAX: ffff880053f3bc00 RBX: ffff88006ce6c908 RCX: ffff880053a0d240
+[ 5123.108968] RDX: ffffea0000e6d940 RSI: ffff8800399a0000 RDI: ffff88006ce6c908
+[ 5123.109503] RBP: ffff88005877fe28 R08: ffffffff81c708a0 R09: 0000000000000000
+[ 5123.110045] R10: 00000000000001a2 R11: ffff88003ba7f5c8 R12: ffff880054c55800
+[ 5123.110618] R13: 0000000000000000 R14: ffff880053a0d240 R15: ffff880053a0d240
+[ 5123.111169] FS: 0000000000000000(0000) GS:ffffffff81c27000(0000) knlGS:0000000000000000
+[ 5123.111726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 5123.112286] CR2: 0000000000000000 CR3: 0000000054cac000 CR4: 00000000001406f0
+[ 5123.112888] Stack:
+[ 5123.113458] ffffea0000e6d940 ffff8800399a0000 00000000000167d0 0000000000000000
+[ 5123.114049] 0000000000000000 0000000000000000 0000000000000000 00000000a7ec82c6
+[ 5123.114662] ffff88005877fe18 ffffea0000e6d940 ffff8800399a0000 ffff880054c55800
+[ 5123.115264] Call Trace:
+[ 5123.115868] [] nfs4_try_migration+0xbb/0x220 [nfsv4]
+[ 5123.116487] [] nfs4_run_state_manager+0x4ab/0x7b0 [nfsv4]
+[ 5123.117104] [] ? nfs4_do_reclaim+0x510/0x510 [nfsv4]
+[ 5123.117813] [] kthread+0xd7/0xf0
+[ 5123.118456] [] ? kthread_worker_fn+0x160/0x160
+[ 5123.119108] [] ret_from_fork+0x3f/0x70
+[ 5123.119723] [] ? kthread_worker_fn+0x160/0x160
+[ 5123.120329] Code: 4c 8b 6a 58 74 17 eb 52 48 8d 55 a8 89 c6 4c 89 e7 e8 4a b5 ff ff 8b 45 b0 85 c0 74 1c 4c 89 f9 48 8b 55 90 48 8b 75 98 48 89 df <41> ff 55 00 3d e8 d8 ff ff 41 89 c6 74 cf 48 8b 4d c8 65 48 33
+[ 5123.121643] RIP [] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
+[ 5123.122308] RSP
+[ 5123.122942] CR2: 0000000000000000
+
+Fixes: ec011fe847 ("NFS: Introduce a vector of migration recovery ops")
+Signed-off-by: Kinglong Mee
+Signed-off-by: Trond Myklebust
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfs/nfs4proc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -8368,6 +8368,7 @@ static const struct nfs4_minor_version_o
+ .reboot_recovery_ops = &nfs41_reboot_recovery_ops,
+ .nograce_recovery_ops = &nfs41_nograce_recovery_ops,
+ .state_renewal_ops = &nfs41_state_renewal_ops,
++ .mig_recovery_ops = &nfs41_mig_recovery_ops,
+ };
+ #endif
+
diff --git a/queue-3.14/nfs-nfs_set_pgio_error-sometimes-misses-errors.patch b/queue-3.14/nfs-nfs_set_pgio_error-sometimes-misses-errors.patch
new file mode 100644
index 00000000000..52788baf105
--- /dev/null
+++ b/queue-3.14/nfs-nfs_set_pgio_error-sometimes-misses-errors.patch
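Review bot: The added `.mig_recovery_ops = &nfs41_mig_recovery_ops,` line in the `fs/nfs/nfs4proc.c` hunk repairs this one ops table, but nothing visible guards the call site. The oops quoted in the commit message (an indirect call in `nfs4_proc_get_locations` with R13 = 0) suggests the caller goes through `mig_recovery_ops` without a NULL check, so a later minor-version table that omits the member would presumably fail the same way. The reproduction steps show the client oopsing after a change to the server's exports, so the backport is worth prioritising as a crash the server side can trigger on the client. I would add a comment above the new line such as `/* required: nfs4_proc_get_locations() calls through mig_recovery_ops */`, or have the caller return an error when the pointer is NULL. The struct initializer starts outside the hunk and the caller is not shown here.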
@@ -0,0 +1,35 @@
+From e9ae58aeee8842a50f7e199d602a5ccb2e41a95f Mon Sep 17 00:00:00 2001
+From: Trond Myklebust
+Date: Mon, 17 Aug 2015 12:57:07 -0500
+Subject: NFS: nfs_set_pgio_error sometimes misses errors
+
+From: Trond Myklebust
+
+commit e9ae58aeee8842a50f7e199d602a5ccb2e41a95f upstream.
+
+We should ensure that we always set the pgio_header's error field
+if a READ or WRITE RPC call returns an error. The current code depends
+on 'hdr->good_bytes' always being initialised to a large value, which
+is not always done correctly by callers.
+When this happens, applications may end up missing important errors.
+
+Signed-off-by: Trond Myklebust
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfs/pagelist.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/nfs/pagelist.c
++++ b/fs/nfs/pagelist.c
+@@ -60,8 +60,8 @@ EXPORT_SYMBOL_GPL(nfs_pgheader_init);
+ void nfs_set_pgio_error(struct nfs_pgio_header *hdr, int error, loff_t pos)
+ {
+ spin_lock(&hdr->lock);
+- if (pos < hdr->io_start + hdr->good_bytes) {
+- set_bit(NFS_IOHDR_ERROR, &hdr->flags);
++ if (!test_and_set_bit(NFS_IOHDR_ERROR, &hdr->flags)
++ || pos < hdr->io_start + hdr->good_bytes) {
+ clear_bit(NFS_IOHDR_EOF, &hdr->flags);
+ hdr->good_bytes = pos - hdr->io_start;
+ hdr->error = error;
diff --git a/queue-3.14/series b/queue-3.14/series
index 011487c2015..28c2ce264c7 100644
--- a/queue-3.14/series
+++ b/queue-3.14/series
@@ -23,3 +23,6 @@ rc-core-fix-remove-uevent-generation.patch
 v4l-omap3isp-fix-sub-device-power-management-code.patch
 btrfs-check-if-previous-transaction-aborted-to-avoid-fs-corruption.patch
 nfsv4-don-t-set-setattr-for-o_rdonly-o_excl.patch
+nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch
+nfs-nfs_set_pgio_error-sometimes-misses-errors.patch
+sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch
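Review bot: In the `fs/nfs/pagelist.c` hunk the new condition depends on the side effect of `test_and_set_bit()` on the left of a short-circuit `||`, which is easy to misread. The flag is set on every call, and the body runs for the first error or for any later error at a lower offset. A comment before the `if` would make that explicit, e.g. `/* Always record the first error; afterwards only an error at a lower offset replaces it. */`. The commit message says callers do not always initialise `hdr->good_bytes`; this hunk makes error recording independent of that, but any other reader of `good_bytes` would presumably still see the caller's value until an error arrives, which is worth confirming. The body of `nfs_set_pgio_error` continues past the end of the hunk.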
diff --git a/queue-3.14/sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch b/queue-3.14/sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch
new file mode 100644
index 00000000000..9dd43c83860
--- /dev/null
+++ b/queue-3.14/sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch
@@ -0,0 +1,28 @@
+From 0c78789e3a030615c6650fde89546cadf40ec2cc Mon Sep 17 00:00:00 2001
+From: Trond Myklebust
+Date: Sat, 29 Aug 2015 13:36:30 -0700
+Subject: SUNRPC: xs_reset_transport must mark the connection as disconnected
+
+From: Trond Myklebust
+
+commit 0c78789e3a030615c6650fde89546cadf40ec2cc upstream.
+
+In case the reconnection attempt fails.
+
+Signed-off-by: Trond Myklebust
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/sunrpc/xprtsock.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/sunrpc/xprtsock.c
++++ b/net/sunrpc/xprtsock.c
+@@ -866,6 +866,7 @@ static void xs_reset_transport(struct so
+ sk->sk_user_data = NULL;
+
+ xs_restore_old_callbacks(transport, sk);
++ xprt_clear_connected(xprt);
+ write_unlock_bh(&sk->sk_callback_lock);
+
+ sk->sk_no_check = 0;
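Review bot: The added `xprt_clear_connected(xprt);` in the `net/sunrpc/xprtsock.c` hunk has no comment, and the only rationale in the commit message is "In case the reconnection attempt fails". The call sits inside the `sk->sk_callback_lock` write section, directly after the old callbacks are restored, so a short comment should say whether that placement is required. Something like `/* mark the transport disconnected before dropping the callback lock, in case the reconnect fails */` would do. `xs_reset_transport` begins and ends outside the hunk, so where `xprt` is assigned cannot be checked from here.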