From 609680c37f5050b26c2538f33baf3f706b819d5c Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 25 Sep 2015 20:55:49 -0700 Subject: [PATCH] 4.2-stable patches added patches: net-sunrpc-fix-tracepoint-warning-unknown-op.patch nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch nfs-fix-truncated-client-owner-id-without-proto-type.patch nfs-nfs_set_pgio_error-sometimes-misses-errors.patch nfs41-flexfiles-update-inode-after-write-finishes.patch nfs41-flexfiles-zero-out-ds-write-wcc.patch nfsv4-force-a-post-op-attribute-update-when-holding-a-delegation.patch nfsv4.1-fix-a-protocol-issue-with-close-stateids.patch nfsv4.1-flexfiles-fix-a-protocol-error-in-layoutreturn.patch revert-nfsv4-remove-incorrect-check-in-can_open_delegated.patch sunrpc-fix-a-thinko-in-xs_connect.patch sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch svcrdma-change-maximum-server-payload-back-to-rpcsvc_maxpayload.patch --- ...pc-fix-tracepoint-warning-unknown-op.patch | 89 +++++++++++++++++++ ...gration-recovery-ops-for-v4.2-client.patch | 82 +++++++++++++++++ ...d-client-owner-id-without-proto-type.patch | 37 ++++++++ ...t_pgio_error-sometimes-misses-errors.patch | 35 ++++++++ ...es-update-inode-after-write-finishes.patch | 34 +++++++ ...fs41-flexfiles-zero-out-ds-write-wcc.patch | 30 +++++++ ...ute-update-when-holding-a-delegation.patch | 37 ++++++++ ...a-protocol-issue-with-close-stateids.patch | 71 +++++++++++++++ ...fix-a-protocol-error-in-layoutreturn.patch | 54 +++++++++++ ...ncorrect-check-in-can_open_delegated.patch | 32 +++++++ queue-4.2/series | 13 +++ .../sunrpc-fix-a-thinko-in-xs_connect.patch | 43 +++++++++ ...-mark-the-connection-as-disconnected.patch | 28 ++++++ ...er-payload-back-to-rpcsvc_maxpayload.patch | 89 +++++++++++++++++++ 14 files changed, 674 insertions(+) create mode 100644 queue-4.2/net-sunrpc-fix-tracepoint-warning-unknown-op.patch create mode 100644 queue-4.2/nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch create mode 100644 queue-4.2/nfs-fix-truncated-client-owner-id-without-proto-type.patch create mode 100644 queue-4.2/nfs-nfs_set_pgio_error-sometimes-misses-errors.patch create mode 100644 queue-4.2/nfs41-flexfiles-update-inode-after-write-finishes.patch create mode 100644 queue-4.2/nfs41-flexfiles-zero-out-ds-write-wcc.patch create mode 100644 queue-4.2/nfsv4-force-a-post-op-attribute-update-when-holding-a-delegation.patch create mode 100644 queue-4.2/nfsv4.1-fix-a-protocol-issue-with-close-stateids.patch create mode 100644 queue-4.2/nfsv4.1-flexfiles-fix-a-protocol-error-in-layoutreturn.patch create mode 100644 queue-4.2/revert-nfsv4-remove-incorrect-check-in-can_open_delegated.patch create mode 100644 queue-4.2/sunrpc-fix-a-thinko-in-xs_connect.patch create mode 100644 queue-4.2/sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch create mode 100644 queue-4.2/svcrdma-change-maximum-server-payload-back-to-rpcsvc_maxpayload.patch diff --git a/queue-4.2/net-sunrpc-fix-tracepoint-warning-unknown-op.patch b/queue-4.2/net-sunrpc-fix-tracepoint-warning-unknown-op.patch new file mode 100644 index 00000000000..bf29c6503f7 --- /dev/null +++ b/queue-4.2/net-sunrpc-fix-tracepoint-warning-unknown-op.patch @@ -0,0 +1,89 @@ +From 051ac3848a94f21cfdec899cc9c65ce7f9f116fa Mon Sep 17 00:00:00 2001 +From: Pratyush Anand +Date: Thu, 27 Aug 2015 10:01:33 +0530 +Subject: net: sunrpc: fix tracepoint Warning: unknown op '->' + +From: Pratyush Anand + +commit 051ac3848a94f21cfdec899cc9c65ce7f9f116fa upstream. + +`perf stat -e sunrpc:svc_xprt_do_enqueue true` results in + +Warning: unknown op '->' +Warning: [sunrpc:svc_xprt_do_enqueue] unknown op '->' + +Similar warning for svc_handle_xprt as well. + +Actually TP_printk() should never dereference an address saved in the ring +buffer that points somewhere in the kernel. There's no guarantee that that +object still exists (with the exception of static strings). + +Therefore change all the arguments for TP_printk(), so that it references +values existing in the ring buffer only. + +While doing that, also fix another possible bug when argument xprt could be +NULL and TP_fast_assign() tries to access it's elements. + +Signed-off-by: Pratyush Anand +Reviewed-by: Jeff Layton +Acked-by: Steven Rostedt +Fixes: 83a712e0afef "sunrpc: add some tracepoints around ..." +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + include/trace/events/sunrpc.h | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +--- a/include/trace/events/sunrpc.h ++++ b/include/trace/events/sunrpc.h +@@ -529,18 +529,21 @@ TRACE_EVENT(svc_xprt_do_enqueue, + + TP_STRUCT__entry( + __field(struct svc_xprt *, xprt) +- __field(struct svc_rqst *, rqst) ++ __field_struct(struct sockaddr_storage, ss) ++ __field(int, pid) ++ __field(unsigned long, flags) + ), + + TP_fast_assign( + __entry->xprt = xprt; +- __entry->rqst = rqst; ++ xprt ? memcpy(&__entry->ss, &xprt->xpt_remote, sizeof(__entry->ss)) : memset(&__entry->ss, 0, sizeof(__entry->ss)); ++ __entry->pid = rqst? rqst->rq_task->pid : 0; ++ __entry->flags = xprt ? xprt->xpt_flags : 0; + ), + + TP_printk("xprt=0x%p addr=%pIScp pid=%d flags=%s", __entry->xprt, +- (struct sockaddr *)&__entry->xprt->xpt_remote, +- __entry->rqst ? __entry->rqst->rq_task->pid : 0, +- show_svc_xprt_flags(__entry->xprt->xpt_flags)) ++ (struct sockaddr *)&__entry->ss, ++ __entry->pid, show_svc_xprt_flags(__entry->flags)) + ); + + TRACE_EVENT(svc_xprt_dequeue, +@@ -589,16 +592,20 @@ TRACE_EVENT(svc_handle_xprt, + TP_STRUCT__entry( + __field(struct svc_xprt *, xprt) + __field(int, len) ++ __field_struct(struct sockaddr_storage, ss) ++ __field(unsigned long, flags) + ), + + TP_fast_assign( + __entry->xprt = xprt; ++ xprt ? memcpy(&__entry->ss, &xprt->xpt_remote, sizeof(__entry->ss)) : memset(&__entry->ss, 0, sizeof(__entry->ss)); + __entry->len = len; ++ __entry->flags = xprt ? xprt->xpt_flags : 0; + ), + + TP_printk("xprt=0x%p addr=%pIScp len=%d flags=%s", __entry->xprt, +- (struct sockaddr *)&__entry->xprt->xpt_remote, __entry->len, +- show_svc_xprt_flags(__entry->xprt->xpt_flags)) ++ (struct sockaddr *)&__entry->ss, ++ __entry->len, show_svc_xprt_flags(__entry->flags)) + ); + #endif /* _TRACE_SUNRPC_H */ + diff --git a/queue-4.2/nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch b/queue-4.2/nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch new file mode 100644 index 00000000000..65b8090dfb0 --- /dev/null +++ b/queue-4.2/nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch @@ -0,0 +1,82 @@ +From 18e3b739fdc826481c6a1335ce0c5b19b3d415da Mon Sep 17 00:00:00 2001 +From: Kinglong Mee +Date: Sat, 15 Aug 2015 21:52:10 +0800 +Subject: NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client + +From: Kinglong Mee + +commit 18e3b739fdc826481c6a1335ce0c5b19b3d415da upstream. + +---Steps to Reproduce-- + +# cat /etc/exports +/nfs/referal *(rw,insecure,no_subtree_check,no_root_squash,crossmnt) +/nfs/old *(ro,insecure,subtree_check,root_squash,crossmnt) + + +# mount -t nfs nfs-server:/nfs/ /mnt/ +# ll /mnt/*/ + + +# cat /etc/exports +/nfs/referal *(rw,insecure,no_subtree_check,no_root_squash,crossmnt,refer=/nfs/old/@nfs-server) +/nfs/old *(ro,insecure,subtree_check,root_squash,crossmnt) +# service nfs restart + + +# ll /mnt/*/ --->>>>> oops here + +[ 5123.102925] BUG: unable to handle kernel NULL pointer dereference at (null) +[ 5123.103363] IP: [] nfs4_proc_get_locations+0x9b/0x120 [nfsv4] +[ 5123.103752] PGD 587b9067 PUD 3cbf5067 PMD 0 +[ 5123.104131] Oops: 0000 [#1] +[ 5123.104529] Modules linked in: nfsv4(OE) nfs(OE) fscache(E) nfsd(OE) xfs libcrc32c iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ppdev vmw_balloon parport_pc parport i2c_piix4 shpchp auth_rpcgss nfs_acl vmw_vmci lockd grace sunrpc vmwgfx drm_kms_helper ttm drm mptspi serio_raw scsi_transport_spi e1000 mptscsih mptbase ata_generic pata_acpi [last unloaded: nfsd] +[ 5123.105887] CPU: 0 PID: 15853 Comm: ::1-manager Tainted: G OE 4.2.0-rc6+ #214 +[ 5123.106358] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014 +[ 5123.106860] task: ffff88007620f300 ti: ffff88005877c000 task.ti: ffff88005877c000 +[ 5123.107363] RIP: 0010:[] [] nfs4_proc_get_locations+0x9b/0x120 [nfsv4] +[ 5123.107909] RSP: 0018:ffff88005877fdb8 EFLAGS: 00010246 +[ 5123.108435] RAX: ffff880053f3bc00 RBX: ffff88006ce6c908 RCX: ffff880053a0d240 +[ 5123.108968] RDX: ffffea0000e6d940 RSI: ffff8800399a0000 RDI: ffff88006ce6c908 +[ 5123.109503] RBP: ffff88005877fe28 R08: ffffffff81c708a0 R09: 0000000000000000 +[ 5123.110045] R10: 00000000000001a2 R11: ffff88003ba7f5c8 R12: ffff880054c55800 +[ 5123.110618] R13: 0000000000000000 R14: ffff880053a0d240 R15: ffff880053a0d240 +[ 5123.111169] FS: 0000000000000000(0000) GS:ffffffff81c27000(0000) knlGS:0000000000000000 +[ 5123.111726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 5123.112286] CR2: 0000000000000000 CR3: 0000000054cac000 CR4: 00000000001406f0 +[ 5123.112888] Stack: +[ 5123.113458] ffffea0000e6d940 ffff8800399a0000 00000000000167d0 0000000000000000 +[ 5123.114049] 0000000000000000 0000000000000000 0000000000000000 00000000a7ec82c6 +[ 5123.114662] ffff88005877fe18 ffffea0000e6d940 ffff8800399a0000 ffff880054c55800 +[ 5123.115264] Call Trace: +[ 5123.115868] [] nfs4_try_migration+0xbb/0x220 [nfsv4] +[ 5123.116487] [] nfs4_run_state_manager+0x4ab/0x7b0 [nfsv4] +[ 5123.117104] [] ? nfs4_do_reclaim+0x510/0x510 [nfsv4] +[ 5123.117813] [] kthread+0xd7/0xf0 +[ 5123.118456] [] ? kthread_worker_fn+0x160/0x160 +[ 5123.119108] [] ret_from_fork+0x3f/0x70 +[ 5123.119723] [] ? kthread_worker_fn+0x160/0x160 +[ 5123.120329] Code: 4c 8b 6a 58 74 17 eb 52 48 8d 55 a8 89 c6 4c 89 e7 e8 4a b5 ff ff 8b 45 b0 85 c0 74 1c 4c 89 f9 48 8b 55 90 48 8b 75 98 48 89 df <41> ff 55 00 3d e8 d8 ff ff 41 89 c6 74 cf 48 8b 4d c8 65 48 33 +[ 5123.121643] RIP [] nfs4_proc_get_locations+0x9b/0x120 [nfsv4] +[ 5123.122308] RSP +[ 5123.122942] CR2: 0000000000000000 + +Fixes: ec011fe847 ("NFS: Introduce a vector of migration recovery ops") +Signed-off-by: Kinglong Mee +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -8661,6 +8661,7 @@ static const struct nfs4_minor_version_o + .reboot_recovery_ops = &nfs41_reboot_recovery_ops, + .nograce_recovery_ops = &nfs41_nograce_recovery_ops, + .state_renewal_ops = &nfs41_state_renewal_ops, ++ .mig_recovery_ops = &nfs41_mig_recovery_ops, + }; + #endif + diff --git a/queue-4.2/nfs-fix-truncated-client-owner-id-without-proto-type.patch b/queue-4.2/nfs-fix-truncated-client-owner-id-without-proto-type.patch new file mode 100644 index 00000000000..f0b28ae1c5b --- /dev/null +++ b/queue-4.2/nfs-fix-truncated-client-owner-id-without-proto-type.patch @@ -0,0 +1,37 @@ +From 4a70316caef7d158445e672e146eb9f1b8c1aeee Mon Sep 17 00:00:00 2001 +From: Kinglong Mee +Date: Mon, 31 Aug 2015 10:53:33 +0800 +Subject: nfs: Fix truncated client owner id without proto type + +From: Kinglong Mee + +commit 4a70316caef7d158445e672e146eb9f1b8c1aeee upstream. + +The length of "Linux NFSv4.0 " is 14, not 10. + +Without this patch, I get a truncated client owner id as, +"Linux NFSv4.0 ::1/::1" + +With this patch, +"Linux NFSv4.0 ::1/::1 tcp" + +Fixes: a319268891 ("nfs: make nfs4_init_nonuniform_client_string use a dynamically allocated buffer") +Signed-off-by: Kinglong Mee +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -4989,7 +4989,7 @@ nfs4_init_nonuniform_client_string(struc + return 0; + retry: + rcu_read_lock(); +- len = 10 + strlen(clp->cl_ipaddr) + 1 + ++ len = 14 + strlen(clp->cl_ipaddr) + 1 + + strlen(rpc_peeraddr2str(clp->cl_rpcclient, RPC_DISPLAY_ADDR)) + + 1 + + strlen(rpc_peeraddr2str(clp->cl_rpcclient, RPC_DISPLAY_PROTO)) + diff --git a/queue-4.2/nfs-nfs_set_pgio_error-sometimes-misses-errors.patch b/queue-4.2/nfs-nfs_set_pgio_error-sometimes-misses-errors.patch new file mode 100644 index 00000000000..b0215d1d9af --- /dev/null +++ b/queue-4.2/nfs-nfs_set_pgio_error-sometimes-misses-errors.patch @@ -0,0 +1,35 @@ +From e9ae58aeee8842a50f7e199d602a5ccb2e41a95f Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Mon, 17 Aug 2015 12:57:07 -0500 +Subject: NFS: nfs_set_pgio_error sometimes misses errors + +From: Trond Myklebust + +commit e9ae58aeee8842a50f7e199d602a5ccb2e41a95f upstream. + +We should ensure that we always set the pgio_header's error field +if a READ or WRITE RPC call returns an error. The current code depends +on 'hdr->good_bytes' always being initialised to a large value, which +is not always done correctly by callers. +When this happens, applications may end up missing important errors. + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/pagelist.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -77,8 +77,8 @@ EXPORT_SYMBOL_GPL(nfs_pgheader_init); + void nfs_set_pgio_error(struct nfs_pgio_header *hdr, int error, loff_t pos) + { + spin_lock(&hdr->lock); +- if (pos < hdr->io_start + hdr->good_bytes) { +- set_bit(NFS_IOHDR_ERROR, &hdr->flags); ++ if (!test_and_set_bit(NFS_IOHDR_ERROR, &hdr->flags) ++ || pos < hdr->io_start + hdr->good_bytes) { + clear_bit(NFS_IOHDR_EOF, &hdr->flags); + hdr->good_bytes = pos - hdr->io_start; + hdr->error = error; diff --git a/queue-4.2/nfs41-flexfiles-update-inode-after-write-finishes.patch b/queue-4.2/nfs41-flexfiles-update-inode-after-write-finishes.patch new file mode 100644 index 00000000000..ed1bfff626a --- /dev/null +++ b/queue-4.2/nfs41-flexfiles-update-inode-after-write-finishes.patch @@ -0,0 +1,34 @@ +From 69f230d907e8c1ca3f9bd528993eeb98f712b0dd Mon Sep 17 00:00:00 2001 +From: Peng Tao +Date: Thu, 20 Aug 2015 01:52:59 +0800 +Subject: NFS41/flexfiles: update inode after write finishes + +From: Peng Tao + +commit 69f230d907e8c1ca3f9bd528993eeb98f712b0dd upstream. + +Otherwise we break fstest case tests/read_write/mctime.t + +Does files layout need the same fix as well? + +Cc: Anna Schumaker +Signed-off-by: Peng Tao +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/flexfilelayout/flexfilelayout.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/nfs/flexfilelayout/flexfilelayout.c ++++ b/fs/nfs/flexfilelayout/flexfilelayout.c +@@ -1199,6 +1199,9 @@ static int ff_layout_write_done_cb(struc + hdr->res.verf->committed == NFS_DATA_SYNC) + ff_layout_set_layoutcommit(hdr); + ++ if (task->tk_status >= 0) ++ nfs_writeback_update_inode(hdr); ++ + return 0; + } + diff --git a/queue-4.2/nfs41-flexfiles-zero-out-ds-write-wcc.patch b/queue-4.2/nfs41-flexfiles-zero-out-ds-write-wcc.patch new file mode 100644 index 00000000000..5a33d74d7e5 --- /dev/null +++ b/queue-4.2/nfs41-flexfiles-zero-out-ds-write-wcc.patch @@ -0,0 +1,30 @@ +From 5420401079e152ff68a8024f6a375804b1c21505 Mon Sep 17 00:00:00 2001 +From: Peng Tao +Date: Sat, 22 Aug 2015 06:40:00 +0800 +Subject: NFS41/flexfiles: zero out DS write wcc + +From: Peng Tao + +commit 5420401079e152ff68a8024f6a375804b1c21505 upstream. + +We do not want to update inode attributes with DS values. + +Signed-off-by: Peng Tao +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/flexfilelayout/flexfilelayout.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/nfs/flexfilelayout/flexfilelayout.c ++++ b/fs/nfs/flexfilelayout/flexfilelayout.c +@@ -1199,6 +1199,8 @@ static int ff_layout_write_done_cb(struc + hdr->res.verf->committed == NFS_DATA_SYNC) + ff_layout_set_layoutcommit(hdr); + ++ /* zero out fattr since we don't care DS attr at all */ ++ hdr->fattr.valid = 0; + if (task->tk_status >= 0) + nfs_writeback_update_inode(hdr); + diff --git a/queue-4.2/nfsv4-force-a-post-op-attribute-update-when-holding-a-delegation.patch b/queue-4.2/nfsv4-force-a-post-op-attribute-update-when-holding-a-delegation.patch new file mode 100644 index 00000000000..4ed3c1ac3c7 --- /dev/null +++ b/queue-4.2/nfsv4-force-a-post-op-attribute-update-when-holding-a-delegation.patch @@ -0,0 +1,37 @@ +From aaae3f00d3f67f681a1f3cb7af999e976e8a24ce Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Thu, 20 Aug 2015 18:56:07 -0500 +Subject: NFSv4: Force a post-op attribute update when holding a delegation + +From: Trond Myklebust + +commit aaae3f00d3f67f681a1f3cb7af999e976e8a24ce upstream. + +If the ctime or mtime or change attribute have changed because +of an operation we initiated, we should make sure that we force +an attribute update. However we do not want to mark the page cache +for revalidation. + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/inode.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/fs/nfs/inode.c ++++ b/fs/nfs/inode.c +@@ -1483,6 +1483,13 @@ static int nfs_post_op_update_inode_lock + { + unsigned long invalid = NFS_INO_INVALID_ATTR|NFS_INO_REVAL_PAGECACHE; + ++ /* ++ * Don't revalidate the pagecache if we hold a delegation, but do ++ * force an attribute update ++ */ ++ if (NFS_PROTO(inode)->have_delegation(inode, FMODE_READ)) ++ invalid = NFS_INO_INVALID_ATTR|NFS_INO_REVAL_FORCED; ++ + if (S_ISDIR(inode->i_mode)) + invalid |= NFS_INO_INVALID_DATA; + nfs_set_cache_invalid(inode, invalid); diff --git a/queue-4.2/nfsv4.1-fix-a-protocol-issue-with-close-stateids.patch b/queue-4.2/nfsv4.1-fix-a-protocol-issue-with-close-stateids.patch new file mode 100644 index 00000000000..2b661c9975d --- /dev/null +++ b/queue-4.2/nfsv4.1-fix-a-protocol-issue-with-close-stateids.patch @@ -0,0 +1,71 @@ +From 4a1e2feb9d246775dee0f78ed5b18826bae2b1c5 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Sun, 30 Aug 2015 18:37:59 -0700 +Subject: NFSv4.1: Fix a protocol issue with CLOSE stateids + +From: Trond Myklebust + +commit 4a1e2feb9d246775dee0f78ed5b18826bae2b1c5 upstream. + +According to RFC5661 Section 18.2.4, CLOSE is supposed to return +the zero stateid. This means that nfs_clear_open_stateid_locked() +cannot assume that the result stateid will always match the 'other' +field of the existing open stateid when trying to determine a race +with a parallel OPEN. + +Instead, we look at the argument, and check for matches. + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1220,6 +1220,7 @@ static void nfs_resync_open_stateid_lock + } + + static void nfs_clear_open_stateid_locked(struct nfs4_state *state, ++ nfs4_stateid *arg_stateid, + nfs4_stateid *stateid, fmode_t fmode) + { + clear_bit(NFS_O_RDWR_STATE, &state->flags); +@@ -1238,8 +1239,9 @@ static void nfs_clear_open_stateid_locke + if (stateid == NULL) + return; + /* Handle races with OPEN */ +- if (!nfs4_stateid_match_other(stateid, &state->open_stateid) || +- !nfs4_stateid_is_newer(stateid, &state->open_stateid)) { ++ if (!nfs4_stateid_match_other(arg_stateid, &state->open_stateid) || ++ (nfs4_stateid_match_other(stateid, &state->open_stateid) && ++ !nfs4_stateid_is_newer(stateid, &state->open_stateid))) { + nfs_resync_open_stateid_locked(state); + return; + } +@@ -1248,10 +1250,12 @@ static void nfs_clear_open_stateid_locke + nfs4_stateid_copy(&state->open_stateid, stateid); + } + +-static void nfs_clear_open_stateid(struct nfs4_state *state, nfs4_stateid *stateid, fmode_t fmode) ++static void nfs_clear_open_stateid(struct nfs4_state *state, ++ nfs4_stateid *arg_stateid, ++ nfs4_stateid *stateid, fmode_t fmode) + { + write_seqlock(&state->seqlock); +- nfs_clear_open_stateid_locked(state, stateid, fmode); ++ nfs_clear_open_stateid_locked(state, arg_stateid, stateid, fmode); + write_sequnlock(&state->seqlock); + if (test_bit(NFS_STATE_RECLAIM_NOGRACE, &state->flags)) + nfs4_schedule_state_manager(state->owner->so_server->nfs_client); +@@ -2684,7 +2688,8 @@ static void nfs4_close_done(struct rpc_t + goto out_release; + } + } +- nfs_clear_open_stateid(state, res_stateid, calldata->arg.fmode); ++ nfs_clear_open_stateid(state, &calldata->arg.stateid, ++ res_stateid, calldata->arg.fmode); + out_release: + nfs_release_seqid(calldata->arg.seqid); + nfs_refresh_inode(calldata->inode, calldata->res.fattr); diff --git a/queue-4.2/nfsv4.1-flexfiles-fix-a-protocol-error-in-layoutreturn.patch b/queue-4.2/nfsv4.1-flexfiles-fix-a-protocol-error-in-layoutreturn.patch new file mode 100644 index 00000000000..bf53fca4fde --- /dev/null +++ b/queue-4.2/nfsv4.1-flexfiles-fix-a-protocol-error-in-layoutreturn.patch @@ -0,0 +1,54 @@ +From d13549074cf066d6d5bb29903d044beffea342d3 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Thu, 27 Aug 2015 20:37:39 -0400 +Subject: NFSv4.1/flexfiles: Fix a protocol error in layoutreturn + +From: Trond Myklebust + +commit d13549074cf066d6d5bb29903d044beffea342d3 upstream. + +According to the flexfiles protocol, the layoutreturn should specify an +array of errors in the following format: + +struct ff_ioerr4 { + offset4 ffie_offset; + length4 ffie_length; + stateid4 ffie_stateid; + device_error4 ffie_errors<>; +}; + +This patch fixes up the code to ensure that our ffie_errors is indeed +encoded as an array (albeit with only a single entry). + +Reported-by: Tom Haynes +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/flexfilelayout/flexfilelayoutdev.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/fs/nfs/flexfilelayout/flexfilelayoutdev.c ++++ b/fs/nfs/flexfilelayout/flexfilelayoutdev.c +@@ -500,16 +500,19 @@ int ff_layout_encode_ds_ioerr(struct nfs + range->offset, range->length)) + continue; + /* offset(8) + length(8) + stateid(NFS4_STATEID_SIZE) +- * + deviceid(NFS4_DEVICEID4_SIZE) + status(4) + opnum(4) ++ * + array length + deviceid(NFS4_DEVICEID4_SIZE) ++ * + status(4) + opnum(4) + */ + p = xdr_reserve_space(xdr, +- 24 + NFS4_STATEID_SIZE + NFS4_DEVICEID4_SIZE); ++ 28 + NFS4_STATEID_SIZE + NFS4_DEVICEID4_SIZE); + if (unlikely(!p)) + return -ENOBUFS; + p = xdr_encode_hyper(p, err->offset); + p = xdr_encode_hyper(p, err->length); + p = xdr_encode_opaque_fixed(p, &err->stateid, + NFS4_STATEID_SIZE); ++ /* Encode 1 error */ ++ *p++ = cpu_to_be32(1); + p = xdr_encode_opaque_fixed(p, &err->deviceid, + NFS4_DEVICEID4_SIZE); + *p++ = cpu_to_be32(err->status); diff --git a/queue-4.2/revert-nfsv4-remove-incorrect-check-in-can_open_delegated.patch b/queue-4.2/revert-nfsv4-remove-incorrect-check-in-can_open_delegated.patch new file mode 100644 index 00000000000..741c86a8d36 --- /dev/null +++ b/queue-4.2/revert-nfsv4-remove-incorrect-check-in-can_open_delegated.patch @@ -0,0 +1,32 @@ +From 36319608e28701c07cad80ae3be8b0fdfb1ab40f Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Wed, 19 Aug 2015 00:14:20 -0500 +Subject: Revert "NFSv4: Remove incorrect check in can_open_delegated()" + +From: Trond Myklebust + +commit 36319608e28701c07cad80ae3be8b0fdfb1ab40f upstream. + +This reverts commit 4e379d36c050b0117b5d10048be63a44f5036115. + +This commit opens up a race between the recovery code and the open code. + +Reported-by: Olga Kornievskaia +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1156,6 +1156,8 @@ static int can_open_delegated(struct nfs + return 0; + if ((delegation->type & fmode) != fmode) + return 0; ++ if (test_bit(NFS_DELEGATION_NEED_RECLAIM, &delegation->flags)) ++ return 0; + if (test_bit(NFS_DELEGATION_RETURNING, &delegation->flags)) + return 0; + nfs_mark_delegation_referenced(delegation); diff --git a/queue-4.2/series b/queue-4.2/series index 9755f0c13b7..2352e5d6048 100644 --- a/queue-4.2/series +++ b/queue-4.2/series @@ -78,3 +78,16 @@ nfsv4.1-pnfs-fix-atomicity-of-commit-list-updates.patch nfsv4-don-t-set-setattr-for-o_rdonly-o_excl.patch nfs-don-t-let-the-ctime-override-attribute-barriers.patch nfsv4.1-pnfs-fix-borken-function-_same_data_server_addrs_locked.patch +nfs-fix-a-null-pointer-dereference-of-migration-recovery-ops-for-v4.2-client.patch +nfs-nfs_set_pgio_error-sometimes-misses-errors.patch +nfs41-flexfiles-update-inode-after-write-finishes.patch +nfsv4-force-a-post-op-attribute-update-when-holding-a-delegation.patch +nfs41-flexfiles-zero-out-ds-write-wcc.patch +nfsv4.1-flexfiles-fix-a-protocol-error-in-layoutreturn.patch +nfsv4.1-fix-a-protocol-issue-with-close-stateids.patch +nfs-fix-truncated-client-owner-id-without-proto-type.patch +revert-nfsv4-remove-incorrect-check-in-can_open_delegated.patch +svcrdma-change-maximum-server-payload-back-to-rpcsvc_maxpayload.patch +net-sunrpc-fix-tracepoint-warning-unknown-op.patch +sunrpc-fix-a-thinko-in-xs_connect.patch +sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch diff --git a/queue-4.2/sunrpc-fix-a-thinko-in-xs_connect.patch b/queue-4.2/sunrpc-fix-a-thinko-in-xs_connect.patch new file mode 100644 index 00000000000..0254f90a9a9 --- /dev/null +++ b/queue-4.2/sunrpc-fix-a-thinko-in-xs_connect.patch @@ -0,0 +1,43 @@ +From 99b1a4c32ad22024ac6198a4337aaec5ea23168f Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Thu, 13 Aug 2015 15:33:51 -0400 +Subject: SUNRPC: Fix a thinko in xs_connect() + +From: Trond Myklebust + +commit 99b1a4c32ad22024ac6198a4337aaec5ea23168f upstream. + +It is rather pointless to test the value of transport->inet after +calling xs_reset_transport(), since it will always be zero, and +so we will never see any exponential back off behaviour. +Also don't force early connections for SOFTCONN tasks. If the server +disconnects us, we should respect the exponential backoff. + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/xprtsock.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/net/sunrpc/xprtsock.c ++++ b/net/sunrpc/xprtsock.c +@@ -2279,13 +2279,14 @@ static void xs_connect(struct rpc_xprt * + + WARN_ON_ONCE(!xprt_lock_connect(xprt, task, transport)); + +- /* Start by resetting any existing state */ +- xs_reset_transport(transport); +- +- if (transport->sock != NULL && !RPC_IS_SOFTCONN(task)) { ++ if (transport->sock != NULL) { + dprintk("RPC: xs_connect delayed xprt %p for %lu " + "seconds\n", + xprt, xprt->reestablish_timeout / HZ); ++ ++ /* Start by resetting any existing state */ ++ xs_reset_transport(transport); ++ + queue_delayed_work(rpciod_workqueue, + &transport->connect_worker, + xprt->reestablish_timeout); diff --git a/queue-4.2/sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch b/queue-4.2/sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch new file mode 100644 index 00000000000..0951dcd1aa6 --- /dev/null +++ b/queue-4.2/sunrpc-xs_reset_transport-must-mark-the-connection-as-disconnected.patch @@ -0,0 +1,28 @@ +From 0c78789e3a030615c6650fde89546cadf40ec2cc Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Sat, 29 Aug 2015 13:36:30 -0700 +Subject: SUNRPC: xs_reset_transport must mark the connection as disconnected + +From: Trond Myklebust + +commit 0c78789e3a030615c6650fde89546cadf40ec2cc upstream. + +In case the reconnection attempt fails. + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/xprtsock.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/sunrpc/xprtsock.c ++++ b/net/sunrpc/xprtsock.c +@@ -829,6 +829,7 @@ static void xs_reset_transport(struct so + sk->sk_user_data = NULL; + + xs_restore_old_callbacks(transport, sk); ++ xprt_clear_connected(xprt); + write_unlock_bh(&sk->sk_callback_lock); + xs_sock_reset_connection_flags(xprt); + diff --git a/queue-4.2/svcrdma-change-maximum-server-payload-back-to-rpcsvc_maxpayload.patch b/queue-4.2/svcrdma-change-maximum-server-payload-back-to-rpcsvc_maxpayload.patch new file mode 100644 index 00000000000..fa065f76368 --- /dev/null +++ b/queue-4.2/svcrdma-change-maximum-server-payload-back-to-rpcsvc_maxpayload.patch @@ -0,0 +1,89 @@ +From cc9a903d915c21626b6b2fbf8ed0ff16a7f82210 Mon Sep 17 00:00:00 2001 +From: Chuck Lever +Date: Fri, 7 Aug 2015 16:55:46 -0400 +Subject: svcrdma: Change maximum server payload back to RPCSVC_MAXPAYLOAD + +From: Chuck Lever + +commit cc9a903d915c21626b6b2fbf8ed0ff16a7f82210 upstream. + +Both commit 0380a3f375 ("svcrdma: Add a separate "max data segs" +macro for svcrdma") and commit 7e5be28827bf ("svcrdma: advertise +the correct max payload") are incorrect. This commit reverts both +changes, restoring the server's maximum payload size to 1MB. + +Commit 7e5be28827bf based the server's maximum payload on the +_client's_ RPCRDMA_MAX_DATA_SEGS value. That was wrong. + +Commit 0380a3f375 tried to fix this so that the client maximum +payload size could be raised without affecting the server, but +managed to confuse matters more on the server side. + +More importantly, limiting the advertised maximum payload size was +meant to be a workaround, not the actual fix. We need to revisit + + https://bugzilla.linux-nfs.org/show_bug.cgi?id=270 + +A Linux client on a platform with 64KB pages can overrun and crash +an x86_64 NFS/RDMA server when the r/wsize is 1MB. An x86/64 Linux +client seems to work fine using 1MB reads and writes when the Linux +server's maximum payload size is restored to 1MB. + +BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=270 +Fixes: 0380a3f375 ("svcrdma: Add a separate "max data segs" macro") +Signed-off-by: Chuck Lever +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/sunrpc/svc_rdma.h | 9 ++------- + net/sunrpc/xprtrdma/svc_rdma_transport.c | 2 +- + net/sunrpc/xprtrdma/xprt_rdma.h | 1 - + 3 files changed, 3 insertions(+), 9 deletions(-) + +--- a/include/linux/sunrpc/svc_rdma.h ++++ b/include/linux/sunrpc/svc_rdma.h +@@ -172,13 +172,6 @@ struct svcxprt_rdma { + #define RDMAXPRT_SQ_PENDING 2 + #define RDMAXPRT_CONN_PENDING 3 + +-#define RPCRDMA_MAX_SVC_SEGS (64) /* server max scatter/gather */ +-#if RPCSVC_MAXPAYLOAD < (RPCRDMA_MAX_SVC_SEGS << PAGE_SHIFT) +-#define RPCRDMA_MAXPAYLOAD RPCSVC_MAXPAYLOAD +-#else +-#define RPCRDMA_MAXPAYLOAD (RPCRDMA_MAX_SVC_SEGS << PAGE_SHIFT) +-#endif +- + #define RPCRDMA_LISTEN_BACKLOG 10 + /* The default ORD value is based on two outstanding full-size writes with a + * page size of 4k, or 32k * 2 ops / 4k = 16 outstanding RDMA_READ. */ +@@ -187,6 +180,8 @@ struct svcxprt_rdma { + #define RPCRDMA_MAX_REQUESTS 32 + #define RPCRDMA_MAX_REQ_SIZE 4096 + ++#define RPCSVC_MAXPAYLOAD_RDMA RPCSVC_MAXPAYLOAD ++ + /* svc_rdma_marshal.c */ + extern int svc_rdma_xdr_decode_req(struct rpcrdma_msg **, struct svc_rqst *); + extern int svc_rdma_xdr_encode_error(struct svcxprt_rdma *, +--- a/net/sunrpc/xprtrdma/svc_rdma_transport.c ++++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c +@@ -91,7 +91,7 @@ struct svc_xprt_class svc_rdma_class = { + .xcl_name = "rdma", + .xcl_owner = THIS_MODULE, + .xcl_ops = &svc_rdma_ops, +- .xcl_max_payload = RPCRDMA_MAXPAYLOAD, ++ .xcl_max_payload = RPCSVC_MAXPAYLOAD_RDMA, + .xcl_ident = XPRT_TRANSPORT_RDMA, + }; + +--- a/net/sunrpc/xprtrdma/xprt_rdma.h ++++ b/net/sunrpc/xprtrdma/xprt_rdma.h +@@ -51,7 +51,6 @@ + #include /* rpc_xprt */ + #include /* RPC/RDMA protocol */ + #include /* xprt parameters */ +-#include /* RPCSVC_MAXPAYLOAD */ + + #define RDMA_RESOLVE_TIMEOUT (5000) /* 5 seconds */ + #define RDMA_CONNECT_RETRY_MAX (2) /* retries if no listener backlog */ -- 2.47.2