--- /dev/null
+From 6bdb5f213c4344324f600dde885f25768fbd14db Mon Sep 17 00:00:00 2001
+From: Bryan Schumaker <bjschuma@netapp.com>
+Date: Mon, 12 Nov 2012 16:55:38 -0500
+Subject: NFS: Add sequence_priviliged_ops for nfs4_proc_sequence()
+
+From: Bryan Schumaker <bjschuma@netapp.com>
+
+commit 6bdb5f213c4344324f600dde885f25768fbd14db upstream.
+
+If I mount an NFS v4.1 server to a single client multiple times and then
+run xfstests over each mountpoint I usually get the client into a state
+where recovery deadlocks. The server informs the client of a
+cb_path_down sequence error, the client then does a
+bind_connection_to_session and checks the status of the lease.
+
+I found that bind_connection_to_session sets the NFS4_SESSION_DRAINING
+flag on the client, but this flag is never unset before
+nfs4_check_lease() reaches nfs4_proc_sequence(). This causes the client
+to deadlock, halting all NFS activity to the server. nfs4_proc_sequence()
+is only called by the state manager, so I can change it to run in privileged
+mode to bypass the NFS4_SESSION_DRAINING check and avoid the deadlock.
+
+Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/nfs4proc.c | 21 +++++++++++++++++----
+ 1 file changed, 17 insertions(+), 4 deletions(-)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -5739,13 +5739,26 @@ static void nfs41_sequence_prepare(struc
+ rpc_call_start(task);
+ }
+
++static void nfs41_sequence_prepare_privileged(struct rpc_task *task, void *data)
++{
++ rpc_task_set_priority(task, RPC_PRIORITY_PRIVILEGED);
++ nfs41_sequence_prepare(task, data);
++}
++
+ static const struct rpc_call_ops nfs41_sequence_ops = {
+ .rpc_call_done = nfs41_sequence_call_done,
+ .rpc_call_prepare = nfs41_sequence_prepare,
+ .rpc_release = nfs41_sequence_release,
+ };
+
+-static struct rpc_task *_nfs41_proc_sequence(struct nfs_client *clp, struct rpc_cred *cred)
++static const struct rpc_call_ops nfs41_sequence_privileged_ops = {
++ .rpc_call_done = nfs41_sequence_call_done,
++ .rpc_call_prepare = nfs41_sequence_prepare_privileged,
++ .rpc_release = nfs41_sequence_release,
++};
++
++static struct rpc_task *_nfs41_proc_sequence(struct nfs_client *clp, struct rpc_cred *cred,
++ const struct rpc_call_ops *seq_ops)
+ {
+ struct nfs4_sequence_data *calldata;
+ struct rpc_message msg = {
+@@ -5755,7 +5768,7 @@ static struct rpc_task *_nfs41_proc_sequ
+ struct rpc_task_setup task_setup_data = {
+ .rpc_client = clp->cl_rpcclient,
+ .rpc_message = &msg,
+- .callback_ops = &nfs41_sequence_ops,
++ .callback_ops = seq_ops,
+ .flags = RPC_TASK_ASYNC | RPC_TASK_SOFT,
+ };
+
+@@ -5782,7 +5795,7 @@ static int nfs41_proc_async_sequence(str
+
+ if ((renew_flags & NFS4_RENEW_TIMEOUT) == 0)
+ return 0;
+- task = _nfs41_proc_sequence(clp, cred);
++ task = _nfs41_proc_sequence(clp, cred, &nfs41_sequence_ops);
+ if (IS_ERR(task))
+ ret = PTR_ERR(task);
+ else
+@@ -5796,7 +5809,7 @@ static int nfs4_proc_sequence(struct nfs
+ struct rpc_task *task;
+ int ret;
+
+- task = _nfs41_proc_sequence(clp, cred);
++ task = _nfs41_proc_sequence(clp, cred, &nfs41_sequence_privileged_ops);
+ if (IS_ERR(task)) {
+ ret = PTR_ERR(task);
+ goto out;
--- /dev/null
+From f259613a1e4b44a0cf85a5dafd931be96ee7c9e5 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Thu, 13 Dec 2012 15:14:36 +1100
+Subject: NFS: avoid NULL dereference in nfs_destroy_server
+
+From: NeilBrown <neilb@suse.de>
+
+commit f259613a1e4b44a0cf85a5dafd931be96ee7c9e5 upstream.
+
+In rare circumstances, nfs_clone_server() of a v2 or v3 server can get
+an error between setting server->destory (to nfs_destroy_server), and
+calling nfs_start_lockd (which will set server->nlm_host).
+
+If this happens, nfs_clone_server will call nfs_free_server which
+will call nfs_destroy_server and thence nlmclnt_done(NULL). This
+causes the NULL to be dereferenced.
+
+So add a guard to only call nlmclnt_done() if ->nlm_host is not NULL.
+
+The other guards there are irrelevant as nlm_host can only be non-NULL
+if one of these flags are set - so remove those tests. (Thanks to Trond
+for this suggestion).
+
+This is suitable for any stable kernel since 2.6.25.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/client.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/fs/nfs/client.c
++++ b/fs/nfs/client.c
+@@ -694,8 +694,7 @@ static int nfs_create_rpc_client(struct
+ */
+ static void nfs_destroy_server(struct nfs_server *server)
+ {
+- if (!(server->flags & NFS_MOUNT_LOCAL_FLOCK) ||
+- !(server->flags & NFS_MOUNT_LOCAL_FCNTL))
++ if (server->nlm_host)
+ nlmclnt_done(server->nlm_host);
+ }
+
--- /dev/null
+From 1f018458b30b0d5c535c94e577aa0acbb92e1395 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Fri, 14 Dec 2012 16:38:46 -0500
+Subject: NFS: Fix calls to drop_nlink()
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit 1f018458b30b0d5c535c94e577aa0acbb92e1395 upstream.
+
+It is almost always wrong for NFS to call drop_nlink() after removing a
+file. What we really want is to mark the inode's attributes for
+revalidation, and we want to ensure that the VFS drops it if we're
+reasonably sure that this is the final unlink().
+Do the former using the usual cache validity flags, and the latter
+by testing if inode->i_nlink == 1, and clearing it in that case.
+
+This also fixes the following warning reported by Neil Brown and
+Jeff Layton (among others).
+
+[634155.004438] WARNING:
+at /home/abuild/rpmbuild/BUILD/kernel-desktop-3.5.0/lin [634155.004442]
+Hardware name: Latitude E6510 [634155.004577] crc_itu_t crc32c_intel
+snd_hwdep snd_pcm snd_timer snd soundcor [634155.004609] Pid: 13402, comm:
+bash Tainted: G W 3.5.0-36-desktop # [634155.004611] Call Trace:
+[634155.004630] [<ffffffff8100444a>] dump_trace+0xaa/0x2b0
+[634155.004641] [<ffffffff815a23dc>] dump_stack+0x69/0x6f
+[634155.004653] [<ffffffff81041a0b>] warn_slowpath_common+0x7b/0xc0
+[634155.004662] [<ffffffff811832e4>] drop_nlink+0x34/0x40
+[634155.004687] [<ffffffffa05bb6c3>] nfs_dentry_iput+0x33/0x70 [nfs]
+[634155.004714] [<ffffffff8118049e>] dput+0x12e/0x230
+[634155.004726] [<ffffffff8116b230>] __fput+0x170/0x230
+[634155.004735] [<ffffffff81167c0f>] filp_close+0x5f/0x90
+[634155.004743] [<ffffffff81167cd7>] sys_close+0x97/0x100
+[634155.004754] [<ffffffff815c3b39>] system_call_fastpath+0x16/0x1b
+[634155.004767] [<00007f2a73a0d110>] 0x7f2a73a0d10f
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/dir.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/fs/nfs/dir.c
++++ b/fs/nfs/dir.c
+@@ -1219,11 +1219,14 @@ static int nfs_dentry_delete(const struc
+
+ }
+
++/* Ensure that we revalidate inode->i_nlink */
+ static void nfs_drop_nlink(struct inode *inode)
+ {
+ spin_lock(&inode->i_lock);
+- if (inode->i_nlink > 0)
+- drop_nlink(inode);
++ /* drop the inode if we're reasonably sure this is the last link */
++ if (inode->i_nlink == 1)
++ clear_nlink(inode);
++ NFS_I(inode)->cache_validity |= NFS_INO_INVALID_ATTR;
+ spin_unlock(&inode->i_lock);
+ }
+
+@@ -1238,8 +1241,8 @@ static void nfs_dentry_iput(struct dentr
+ NFS_I(inode)->cache_validity |= NFS_INO_INVALID_DATA;
+
+ if (dentry->d_flags & DCACHE_NFSFS_RENAMED) {
+- drop_nlink(inode);
+ nfs_complete_unlink(dentry, inode);
++ nfs_drop_nlink(inode);
+ }
+ iput(inode);
+ }
+@@ -1800,10 +1803,8 @@ static int nfs_safe_remove(struct dentry
+ if (inode != NULL) {
+ nfs_inode_return_delegation(inode);
+ error = NFS_PROTO(dir)->remove(dir, &dentry->d_name);
+- /* The VFS may want to delete this inode */
+ if (error == 0)
+ nfs_drop_nlink(inode);
+- nfs_mark_for_revalidate(inode);
+ } else
+ error = NFS_PROTO(dir)->remove(dir, &dentry->d_name);
+ if (error == -ENOENT)
--- /dev/null
+From e25fbe380c4e3c09afa98bcdcd9d3921443adab8 Mon Sep 17 00:00:00 2001
+From: Xi Wang <xi.wang@gmail.com>
+Date: Fri, 4 Jan 2013 03:22:57 -0500
+Subject: nfs: fix null checking in nfs_get_option_str()
+
+From: Xi Wang <xi.wang@gmail.com>
+
+commit e25fbe380c4e3c09afa98bcdcd9d3921443adab8 upstream.
+
+The following null pointer check is broken.
+
+ *option = match_strdup(args);
+ return !option;
+
+The pointer `option' must be non-null, and thus `!option' is always false.
+Use `!*option' instead.
+
+The bug was introduced in commit c5cb09b6f8 ("Cleanup: Factor out some
+cut-and-paste code.").
+
+Signed-off-by: Xi Wang <xi.wang@gmail.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/super.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfs/super.c
++++ b/fs/nfs/super.c
+@@ -1138,7 +1138,7 @@ static int nfs_get_option_str(substring_
+ {
+ kfree(*option);
+ *option = match_strdup(args);
+- return !option;
++ return !*option;
+ }
+
+ static int nfs_get_option_ul(substring_t args[], unsigned long *option)
--- /dev/null
+From 3c40794b2dd0f355ef4e6bf8d85af5dcd7da7ece Mon Sep 17 00:00:00 2001
+From: Yanchuan Nian <ycnian@gmail.com>
+Date: Wed, 24 Oct 2012 14:44:19 +0800
+Subject: nfs: fix wrong object type in lockowner_slab
+
+From: Yanchuan Nian <ycnian@gmail.com>
+
+commit 3c40794b2dd0f355ef4e6bf8d85af5dcd7da7ece upstream.
+
+The object type in the cache of lockowner_slab is wrong, and it is
+better to fix it.
+
+Signed-off-by: Yanchuan Nian <ycnian@gmail.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4state.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -2356,7 +2356,7 @@ nfsd4_init_slabs(void)
+ if (openowner_slab == NULL)
+ goto out_nomem;
+ lockowner_slab = kmem_cache_create("nfsd4_lockowners",
+- sizeof(struct nfs4_openowner), 0, 0, NULL);
++ sizeof(struct nfs4_lockowner), 0, 0, NULL);
+ if (lockowner_slab == NULL)
+ goto out_nomem;
+ file_slab = kmem_cache_create("nfsd4_files",
--- /dev/null
+From 7007c90fb9fef593b4aeaeee57e6a6754276c97c Mon Sep 17 00:00:00 2001
+From: Neil Brown <neilb@suse.de>
+Date: Fri, 7 Dec 2012 15:40:55 -0500
+Subject: nfsd: avoid permission checks on EXCLUSIVE_CREATE replay
+
+From: Neil Brown <neilb@suse.de>
+
+commit 7007c90fb9fef593b4aeaeee57e6a6754276c97c upstream.
+
+With NFSv4, if we create a file then open it we explicit avoid checking
+the permissions on the file during the open because the fact that we
+created it ensures we should be allow to open it (the create and the
+open should appear to be a single operation).
+
+However if the reply to an EXCLUSIVE create gets lots and the client
+resends the create, the current code will perform the permission check -
+because it doesn't realise that it did the open already..
+
+This patch should fix this.
+
+Note that I haven't actually seen this cause a problem. I was just
+looking at the code trying to figure out a different EXCLUSIVE open
+related issue, and this looked wrong.
+
+(Fix confirmed with pynfs 4.0 test OPEN4--bfields)
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+[bfields: use OWNER_OVERRIDE and update for 4.1]
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4proc.c | 8 +++++---
+ fs/nfsd/vfs.c | 10 ++++++++--
+ 2 files changed, 13 insertions(+), 5 deletions(-)
+
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -194,6 +194,7 @@ static __be32
+ do_open_lookup(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open)
+ {
+ struct svc_fh *resfh;
++ int accmode;
+ __be32 status;
+
+ resfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL);
+@@ -253,9 +254,10 @@ do_open_lookup(struct svc_rqst *rqstp, s
+ /* set reply cache */
+ fh_copy_shallow(&open->op_openowner->oo_owner.so_replay.rp_openfh,
+ &resfh->fh_handle);
+- if (!open->op_created)
+- status = do_open_permission(rqstp, resfh, open,
+- NFSD_MAY_NOP);
++ accmode = NFSD_MAY_NOP;
++ if (open->op_created)
++ accmode |= NFSD_MAY_OWNER_OVERRIDE;
++ status = do_open_permission(rqstp, resfh, open, accmode);
+ set_change_info(&open->op_cinfo, current_fh);
+ fh_dup2(current_fh, resfh);
+ out:
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -1477,13 +1477,19 @@ do_nfsd_create(struct svc_rqst *rqstp, s
+ case NFS3_CREATE_EXCLUSIVE:
+ if ( dchild->d_inode->i_mtime.tv_sec == v_mtime
+ && dchild->d_inode->i_atime.tv_sec == v_atime
+- && dchild->d_inode->i_size == 0 )
++ && dchild->d_inode->i_size == 0 ) {
++ if (created)
++ *created = 1;
+ break;
++ }
+ case NFS4_CREATE_EXCLUSIVE4_1:
+ if ( dchild->d_inode->i_mtime.tv_sec == v_mtime
+ && dchild->d_inode->i_atime.tv_sec == v_atime
+- && dchild->d_inode->i_size == 0 )
++ && dchild->d_inode->i_size == 0 ) {
++ if (created)
++ *created = 1;
+ goto set_attr;
++ }
+ /* fallthru */
+ case NFS3_CREATE_GUARDED:
+ err = nfserr_exist;
--- /dev/null
+From 57d276d71aef7d8305ff002a070cb98deb2edced Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Fri, 16 Nov 2012 15:22:43 -0500
+Subject: nfsd: fix v4 reply caching
+
+From: "J. Bruce Fields" <bfields@redhat.com>
+
+commit 57d276d71aef7d8305ff002a070cb98deb2edced upstream.
+
+Very embarassing: 1091006c5eb15cba56785bd5b498a8d0b9546903 "nfsd: turn
+on reply cache for NFSv4" missed a line, effectively leaving the reply
+cache off in the v4 case. I thought I'd tested that, but I guess not.
+
+This time, wrote a pynfs test to confirm it works.
+
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfssvc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfssvc.c
++++ b/fs/nfsd/nfssvc.c
+@@ -650,7 +650,7 @@ nfsd_dispatch(struct svc_rqst *rqstp, __
+ }
+
+ /* Store reply in cache. */
+- nfsd_cache_update(rqstp, proc->pc_cachetype, statp + 1);
++ nfsd_cache_update(rqstp, rqstp->rq_cachetype, statp + 1);
+ return 1;
+ }
+
--- /dev/null
+From d5f50b0c290431c65377c4afa1c764e2c3fe5305 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Tue, 4 Dec 2012 18:25:10 -0500
+Subject: nfsd4: fix oops on unusual readlike compound
+
+From: "J. Bruce Fields" <bfields@redhat.com>
+
+commit d5f50b0c290431c65377c4afa1c764e2c3fe5305 upstream.
+
+If the argument and reply together exceed the maximum payload size, then
+a reply with a read-like operation can overlow the rq_pages array.
+
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4xdr.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -2920,11 +2920,16 @@ nfsd4_encode_read(struct nfsd4_compoundr
+ len = maxcount;
+ v = 0;
+ while (len > 0) {
+- pn = resp->rqstp->rq_resused++;
++ pn = resp->rqstp->rq_resused;
++ if (!resp->rqstp->rq_respages[pn]) { /* ran out of pages */
++ maxcount -= len;
++ break;
++ }
+ resp->rqstp->rq_vec[v].iov_base =
+ page_address(resp->rqstp->rq_respages[pn]);
+ resp->rqstp->rq_vec[v].iov_len =
+ len < PAGE_SIZE ? len : PAGE_SIZE;
++ resp->rqstp->rq_resused++;
+ v++;
+ len -= PAGE_SIZE;
+ }
+@@ -2970,6 +2975,8 @@ nfsd4_encode_readlink(struct nfsd4_compo
+ return nfserr;
+ if (resp->xbuf->page_len)
+ return nfserr_resource;
++ if (!resp->rqstp->rq_respages[resp->rqstp->rq_resused])
++ return nfserr_resource;
+
+ page = page_address(resp->rqstp->rq_respages[resp->rqstp->rq_resused++]);
+
+@@ -3019,6 +3026,8 @@ nfsd4_encode_readdir(struct nfsd4_compou
+ return nfserr;
+ if (resp->xbuf->page_len)
+ return nfserr_resource;
++ if (!resp->rqstp->rq_respages[resp->rqstp->rq_resused])
++ return nfserr_resource;
+
+ RESERVE_SPACE(NFS4_VERIFIER_SIZE);
+ savep = p;
usb-gadget-network-fix-bind-error-path.patch
acpi-do-acpisleep-dmi-check-when-config_acpi_sleep-is-set.patch
acpi-scan-do-not-use-dummy-hid-for-system-bus-acpi-nodes.patch
+nfs-add-sequence_priviliged_ops-for-nfs4_proc_sequence.patch
+nfs-avoid-null-dereference-in-nfs_destroy_server.patch
+nfs-fix-calls-to-drop_nlink.patch
+nfs-fix-wrong-object-type-in-lockowner_slab.patch
+nfsd-fix-v4-reply-caching.patch
+nfsd4-fix-oops-on-unusual-readlike-compound.patch
+nfsd-avoid-permission-checks-on-exclusive_create-replay.patch
+nfs-fix-null-checking-in-nfs_get_option_str.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
