From 28cc0b0a28e0e7ec0539d8bd8587f5a11e200266 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 3 Jun 2014 22:44:12 -0700
Subject: [PATCH] 3.4-stable patches
added patches:
nfsd-call-set_acl-with-a-null-acl-structure-if-no-entries.patch
nfsd4-remove-lockowner-when-removing-lock-stateid.patch
nfsd4-warn-on-finding-lockowner-without-stateid-s.patch
percpu-make-pcpu_alloc_chunk-use-pcpu_mem_free-instead-of-kfree.patch
---
...h-a-null-acl-structure-if-no-entries.patch | 140 ++++++++++++++++++
...lockowner-when-removing-lock-stateid.patch | 48 ++++++
...-finding-lockowner-without-stateid-s.patch | 32 ++++
...k-use-pcpu_mem_free-instead-of-kfree.patch | 42 ++++++
queue-3.4/series | 4 +
5 files changed, 266 insertions(+)
create mode 100644 queue-3.4/nfsd-call-set_acl-with-a-null-acl-structure-if-no-entries.patch
create mode 100644 queue-3.4/nfsd4-remove-lockowner-when-removing-lock-stateid.patch
create mode 100644 queue-3.4/nfsd4-warn-on-finding-lockowner-without-stateid-s.patch
create mode 100644 queue-3.4/percpu-make-pcpu_alloc_chunk-use-pcpu_mem_free-instead-of-kfree.patch
diff --git a/queue-3.4/nfsd-call-set_acl-with-a-null-acl-structure-if-no-entries.patch b/queue-3.4/nfsd-call-set_acl-with-a-null-acl-structure-if-no-entries.patch
new file mode 100644
index 00000000000..6aa07166d2e
--- /dev/null
+++ b/queue-3.4/nfsd-call-set_acl-with-a-null-acl-structure-if-no-entries.patch
@@ -0,0 +1,140 @@
+From aa07c713ecfc0522916f3cd57ac628ea6127c0ec Mon Sep 17 00:00:00 2001
+From: Kinglong Mee
+Date: Fri, 18 Apr 2014 20:49:04 +0800
+Subject: NFSD: Call ->set_acl with a NULL ACL structure if no entries
+
+From: Kinglong Mee
+
+commit aa07c713ecfc0522916f3cd57ac628ea6127c0ec upstream.
+
+After setting ACL for directory, I got two problems that caused
+by the cached zero-length default posix acl.
+
+This patch make sure nfsd4_set_nfs4_acl calls ->set_acl
+with a NULL ACL structure if there are no entries.
+
+Thanks for Christoph Hellwig's advice.
+
+First problem:
+............ hang ...........
+
+Second problem:
+[ 1610.167668] ------------[ cut here ]------------
+[ 1610.168320] kernel BUG at /root/nfs/linux/fs/nfsd/nfs4acl.c:239!
+[ 1610.168320] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC
+[ 1610.168320] Modules linked in: nfsv4(OE) nfs(OE) nfsd(OE)
+rpcsec_gss_krb5 fscache ip6t_rpfilter ip6t_REJECT cfg80211 xt_conntrack
+rfkill ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables
+ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6
+ip6table_mangle ip6table_security ip6table_raw ip6table_filter
+ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4
+nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw
+auth_rpcgss nfs_acl snd_intel8x0 ppdev lockd snd_ac97_codec ac97_bus
+snd_pcm snd_timer e1000 pcspkr parport_pc snd parport serio_raw joydev
+i2c_piix4 sunrpc(OE) microcode soundcore i2c_core ata_generic pata_acpi
+[last unloaded: nfsd]
+[ 1610.168320] CPU: 0 PID: 27397 Comm: nfsd Tainted: G OE
+3.15.0-rc1+ #15
+[ 1610.168320] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS
+VirtualBox 12/01/2006
+[ 1610.168320] task: ffff88005ab653d0 ti: ffff88005a944000 task.ti:
+ffff88005a944000
+[ 1610.168320] RIP: 0010:[] []
+_posix_to_nfsv4_one+0x3cd/0x3d0 [nfsd]
+[ 1610.168320] RSP: 0018:ffff88005a945b00 EFLAGS: 00010293
+[ 1610.168320] RAX: 0000000000000001 RBX: ffff88006700bac0 RCX:
+0000000000000000
+[ 1610.168320] RDX: 0000000000000000 RSI: ffff880067c83f00 RDI:
+ffff880068233300
+[ 1610.168320] RBP: ffff88005a945b48 R08: ffffffff81c64830 R09:
+0000000000000000
+[ 1610.168320] R10: ffff88004ea85be0 R11: 000000000000f475 R12:
+ffff880068233300
+[ 1610.168320] R13: 0000000000000003 R14: 0000000000000002 R15:
+ffff880068233300
+[ 1610.168320] FS: 0000000000000000(0000) GS:ffff880077800000(0000)
+knlGS:0000000000000000
+[ 1610.168320] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+[ 1610.168320] CR2: 00007f5bcbd3b0b9 CR3: 0000000001c0f000 CR4:
+00000000000006f0
+[ 1610.168320] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
+0000000000000000
+[ 1610.168320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
+0000000000000400
+[ 1610.168320] Stack:
+[ 1610.168320] ffffffff00000000 0000000b67c83500 000000076700bac0
+0000000000000000
+[ 1610.168320] ffff88006700bac0 ffff880068233300 ffff88005a945c08
+0000000000000002
+[ 1610.168320] 0000000000000000 ffff88005a945b88 ffffffffa034e2d5
+000000065a945b68
+[ 1610.168320] Call Trace:
+[ 1610.168320] [] nfsd4_get_nfs4_acl+0x95/0x150 [nfsd]
+[ 1610.168320] [] nfsd4_encode_fattr+0x646/0x1e70 [nfsd]
+[ 1610.168320] [] ? kmemleak_alloc+0x4e/0xb0
+[ 1610.168320] [] ?
+nfsd_setuser_and_check_port+0x52/0x80 [nfsd]
+[ 1610.168320] [] ? selinux_cred_prepare+0x1b/0x30
+[ 1610.168320] [] nfsd4_encode_getattr+0x5a/0x60 [nfsd]
+[ 1610.168320] [] nfsd4_encode_operation+0x67/0x110
+[nfsd]
+[ 1610.168320] [] nfsd4_proc_compound+0x21d/0x810 [nfsd]
+[ 1610.168320] [] nfsd_dispatch+0xbb/0x200 [nfsd]
+[ 1610.168320] [] svc_process_common+0x46d/0x6d0 [sunrpc]
+[ 1610.168320] [] svc_process+0x103/0x170 [sunrpc]
+[ 1610.168320] [] nfsd+0xbf/0x130 [nfsd]
+[ 1610.168320] [] ? nfsd_destroy+0x80/0x80 [nfsd]
+[ 1610.168320] [] kthread+0xd2/0xf0
+[ 1610.168320] [] ? insert_kthread_work+0x40/0x40
+[ 1610.168320] [] ret_from_fork+0x7c/0xb0
+[ 1610.168320] [] ?
insert_kthread_work+0x40/0x40
+[ 1610.168320] Code: 78 02 e9 e7 fc ff ff 31 c0 31 d2 31 c9 66 89 45 ce
+41 8b 04 24 66 89 55 d0 66 89 4d d2 48 8d 04 80 49 8d 5c 84 04 e9 37 fd
+ff ff <0f> 0b 90 0f 1f 44 00 00 55 8b 56 08 c7 07 00 00 00 00 8b 46 0c
+[ 1610.168320] RIP [] _posix_to_nfsv4_one+0x3cd/0x3d0
+[nfsd]
+[ 1610.168320] RSP
+[ 1610.257313] ---[ end trace 838254e3e352285b ]---
+
+Signed-off-by: Kinglong Mee
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfsd/nfs4acl.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+--- a/fs/nfsd/nfs4acl.c
++++ b/fs/nfsd/nfs4acl.c
+@@ -373,8 +373,10 @@ sort_pacl(struct posix_acl *pacl)
+ * by uid/gid. */
+ int i, j;
+
+- if (pacl->a_count <= 4)
+- return; /* no users or groups */
++ /* no users or groups */
++ if (!pacl || pacl->a_count <= 4)
++ return;
++
+ i = 1;
+ while (pacl->a_entries[i].e_tag == ACL_USER)
+ i++;
+@@ -498,13 +500,12 @@ posix_state_to_acl(struct posix_acl_stat
+
+ /*
+ * ACLs with no ACEs are treated differently in the inheritable
+- * and effective cases: when there are no inheritable ACEs, we
+- * set a zero-length default posix acl:
++ * and effective cases: when there are no inheritable ACEs,
++ * calls ->set_acl with a NULL ACL structure.
+ */
+- if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)) {
+- pacl = posix_acl_alloc(0, GFP_KERNEL);
+- return pacl ? pacl : ERR_PTR(-ENOMEM);
+- }
++ if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT))
++ return NULL;
++
+ /*
+ * When there are no effective ACEs, the following will end
+ * up setting a 3-element effective posix ACL with all
diff --git a/queue-3.4/nfsd4-remove-lockowner-when-removing-lock-stateid.patch b/queue-3.4/nfsd4-remove-lockowner-when-removing-lock-stateid.patch
new file mode 100644
index 00000000000..e2488399820
--- /dev/null
+++ b/queue-3.4/nfsd4-remove-lockowner-when-removing-lock-stateid.patch
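Review bot: `posix_state_to_acl()` now returns NULL in the `state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)` branch, so its result is no longer "valid pointer or ERR_PTR", and of its consumers only `sort_pacl()` is made NULL-safe in the visible hunks. `IS_ERR(NULL)` is false, so a caller that tests only `IS_ERR()` will pass the NULL on, and any code outside these hunks that then reads `pacl->a_count` would oops inside nfsd, presumably on a client request that sets an empty default ACL. The commit message relies on `->set_acl` accepting NULL; please confirm that the 3.4 set path, which lies outside these hunks, has the same property before this is queued. I would also record the contract at the return site, e.g. `return NULL; /* no default ACL: callers must handle NULL, not only IS_ERR() */`.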
@@ -0,0 +1,48 @@
+From a1b8ff4c97b4375d21b6d6c45d75877303f61b3b Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields"
+Date: Tue, 20 May 2014 15:55:21 -0400
+Subject: nfsd4: remove lockowner when removing lock stateid
+
+From: "J. Bruce Fields"
+
+commit a1b8ff4c97b4375d21b6d6c45d75877303f61b3b upstream.
+
+The nfsv4 state code has always assumed a one-to-one correspondance
+between lock stateid's and lockowners even if it appears not to in some
+places.
+
+We may actually change that, but for now when FREE_STATEID releases a
+lock stateid it also needs to release the parent lockowner.
+
+Symptoms were a subsequent LOCK crashing in find_lockowner_str when it
+calls same_lockowner_ino on a lockowner that unexpectedly has an empty
+so_stateids list.
+
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfsd/nfs4state.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -3476,9 +3476,16 @@ out:
+ static __be32
+ nfsd4_free_lock_stateid(struct nfs4_ol_stateid *stp)
+ {
+- if (check_for_locks(stp->st_file, lockowner(stp->st_stateowner)))
++ struct nfs4_lockowner *lo = lockowner(stp->st_stateowner);
++
++ if (check_for_locks(stp->st_file, lo))
+ return nfserr_locks_held;
+- release_lock_stateid(stp);
++ /*
++ * Currently there's a 1-1 lock stateid<->lockowner
++ * correspondance, and we have to delete the lockowner when we
++ * delete the lock stateid:
++ */
++ unhash_lockowner(lo);
+ return nfs_ok;
+ }
+
diff --git a/queue-3.4/nfsd4-warn-on-finding-lockowner-without-stateid-s.patch b/queue-3.4/nfsd4-warn-on-finding-lockowner-without-stateid-s.patch
new file mode 100644
index 00000000000..7cd175160df
--- /dev/null
+++ b/queue-3.4/nfsd4-warn-on-finding-lockowner-without-stateid-s.patch
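Review bot: The new comment in `nfsd4_free_lock_stateid()` says the lockowner must be deleted, but the call is `unhash_lockowner(lo)`, and nothing in the hunk shows that it frees `lo` as well as unlinking it. If it only unhashes, every successful FREE_STATEID would leave an unreachable lockowner allocated, and since a client can repeat the operation, server memory growth is the risk to check. Please verify against the helper's definition, which is outside this hunk, and if it does not free, call the helper that both unhashes and frees. Either way the comment should say where `lo` is freed, e.g. `/* lo is unhashed here and freed by ... */` with the actual function named.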
@@ -0,0 +1,32 @@
+From 27b11428b7de097c42f205beabb1764f4365443b Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields"
+Date: Thu, 8 May 2014 11:19:41 -0400
+Subject: nfsd4: warn on finding lockowner without stateid's
+
+From: "J. Bruce Fields"
+
+commit 27b11428b7de097c42f205beabb1764f4365443b upstream.
+
+The current code assumes a one-to-one lockowner<->lock stateid
+correspondance.
+
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfsd/nfs4state.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -3918,6 +3918,10 @@ static bool same_lockowner_ino(struct nf
+
+ if (!same_owner_str(&lo->lo_owner, owner, clid))
+ return false;
++ if (list_empty(&lo->lo_owner.so_stateids)) {
++ WARN_ON_ONCE(1);
++ return false;
++ }
+ lst = list_first_entry(&lo->lo_owner.so_stateids,
+ struct nfs4_ol_stateid, st_perstateowner);
+ return lst->st_file->fi_inode == inode;
diff --git a/queue-3.4/percpu-make-pcpu_alloc_chunk-use-pcpu_mem_free-instead-of-kfree.patch b/queue-3.4/percpu-make-pcpu_alloc_chunk-use-pcpu_mem_free-instead-of-kfree.patch
new file mode 100644
index 00000000000..1a37854fe4c
--- /dev/null
+++ b/queue-3.4/percpu-make-pcpu_alloc_chunk-use-pcpu_mem_free-instead-of-kfree.patch
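Review bot: The new guard in `same_lockowner_ino()` can use the usual kernel form, `if (WARN_ON_ONCE(list_empty(&lo->lo_owner.so_stateids))) return false;`, which ties the warning to the condition it reports and avoids the constant `WARN_ON_ONCE(1)`. Because the warning fires only once, later hits of the same inconsistent state are silent, so the reason for returning false should be written down, e.g. `/* a lockowner with no stateid breaks the 1-1 assumption; treat it as no match */`. The function starts outside the hunk.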
@@ -0,0 +1,42 @@ +From 5a838c3b60e3a36ade764cf7751b8f17d7c9c2da Mon Sep 17 00:00:00 2001 +From: Jianyu Zhan +Date: Mon, 14 Apr 2014 13:47:40 +0800 +Subject: percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree() + +From: Jianyu Zhan + +commit 5a838c3b60e3a36ade764cf7751b8f17d7c9c2da upstream. + +pcpu_chunk_struct_size = sizeof(struct pcpu_chunk) + + BITS_TO_LONGS(pcpu_unit_pages) * sizeof(unsigned long) + +It hardly could be ever bigger than PAGE_SIZE even for large-scale machine, +but for consistency with its couterpart pcpu_mem_zalloc(), +use pcpu_mem_free() instead. + +Commit b4916cb17c26 ("percpu: make pcpu_free_chunk() use +pcpu_mem_free() instead of kfree()") addressed this problem, but +missed this one. + +tj: commit message updated + +Signed-off-by: Jianyu Zhan +Signed-off-by: Tejun Heo +Fixes: 099a19d91ca4 ("percpu: allow limited allocation before slab is online) +Signed-off-by: Greg Kroah-Hartman + +--- + mm/percpu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/percpu.c ++++ b/mm/percpu.c +@@ -612,7 +612,7 @@ static struct pcpu_chunk *pcpu_alloc_chu + chunk->map = pcpu_mem_zalloc(PCPU_DFL_MAP_ALLOC * + sizeof(chunk->map[0])); + if (!chunk->map) { +- kfree(chunk); ++ pcpu_mem_free(chunk, pcpu_chunk_struct_size); + return NULL; + } + diff --git a/queue-3.4/series b/queue-3.4/series index 1e2e2796a0e..149c07e400f 100644 --- a/queue-3.4/series +++ b/queue-3.4/series @@ -62,3 +62,7 @@ documentation-update-stable-address-in-chinese-and-japanese-translations.patch crypto-crypto_wq-fix-late-crypto-work-queue-initialization.patch media-media-device-fix-infoleak-in-ioctl-media_enum_entities.patch trace-module-maintain-a-valid-user-count.patch +nfsd-call-set_acl-with-a-null-acl-structure-if-no-entries.patch +nfsd4-warn-on-finding-lockowner-without-stateid-s.patch +nfsd4-remove-lockowner-when-removing-lock-stateid.patch +percpu-make-pcpu_alloc_chunk-use-pcpu_mem_free-instead-of-kfree.patch -- 2.47.3