From 6f23ba75683f391e66d12064cb53cd50d67df247 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 16 Oct 2025 15:25:03 +0200 Subject: [PATCH] 5.10-stable patches added patches: nfsd-fix-destination-buffer-size-in-nfsd4_ssc_setup_dul.patch nfsd-nfserr_jukebox-in-nlm_fopen-should-lead-to-a-retry.patch selftests-mptcp-join-validate-c-flag-def-limit.patch --- ...n-buffer-size-in-nfsd4_ssc_setup_dul.patch | 41 +++++++++++++ ...-in-nlm_fopen-should-lead-to-a-retry.patch | 50 ++++++++++++++++ ...mptcp-join-validate-c-flag-def-limit.patch | 59 +++++++++++++++++++ queue-5.10/series | 3 + 4 files changed, 153 insertions(+) create mode 100644 queue-5.10/nfsd-fix-destination-buffer-size-in-nfsd4_ssc_setup_dul.patch create mode 100644 queue-5.10/nfsd-nfserr_jukebox-in-nlm_fopen-should-lead-to-a-retry.patch create mode 100644 queue-5.10/selftests-mptcp-join-validate-c-flag-def-limit.patch diff --git a/queue-5.10/nfsd-fix-destination-buffer-size-in-nfsd4_ssc_setup_dul.patch b/queue-5.10/nfsd-fix-destination-buffer-size-in-nfsd4_ssc_setup_dul.patch new file mode 100644 index 0000000000..9ddcfa53ac --- /dev/null +++ b/queue-5.10/nfsd-fix-destination-buffer-size-in-nfsd4_ssc_setup_dul.patch @@ -0,0 +1,41 @@ +From ab1c282c010c4f327bd7addc3c0035fd8e3c1721 Mon Sep 17 00:00:00 2001 +From: Thorsten Blum +Date: Wed, 6 Aug 2025 03:10:01 +0200 +Subject: NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() + +From: Thorsten Blum + +commit ab1c282c010c4f327bd7addc3c0035fd8e3c1721 upstream. + +Commit 5304877936c0 ("NFSD: Fix strncpy() fortify warning") replaced +strncpy(,, sizeof(..)) with strlcpy(,, sizeof(..) - 1), but strlcpy() +already guaranteed NUL-termination of the destination buffer and +subtracting one byte potentially truncated the source string. + +The incorrect size was then carried over in commit 72f78ae00a8e ("NFSD: +move from strlcpy with unused retval to strscpy") when switching from +strlcpy() to strscpy(). + +Fix this off-by-one error by using the full size of the destination +buffer again. + +Cc: stable@vger.kernel.org +Fixes: 5304877936c0 ("NFSD: Fix strncpy() fortify warning") +Signed-off-by: Thorsten Blum +Signed-off-by: Chuck Lever +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfsd/nfs4proc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -1335,7 +1335,7 @@ try_again: + return 0; + } + if (work) { +- strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr) - 1); ++ strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr)); + refcount_set(&work->nsui_refcnt, 2); + work->nsui_busy = true; + list_add_tail(&work->nsui_list, &nn->nfsd_ssc_mount_list); diff --git a/queue-5.10/nfsd-nfserr_jukebox-in-nlm_fopen-should-lead-to-a-retry.patch b/queue-5.10/nfsd-nfserr_jukebox-in-nlm_fopen-should-lead-to-a-retry.patch new file mode 100644 index 0000000000..5e522db3ea --- /dev/null +++ b/queue-5.10/nfsd-nfserr_jukebox-in-nlm_fopen-should-lead-to-a-retry.patch @@ -0,0 +1,50 @@ +From a082e4b4d08a4a0e656d90c2c05da85f23e6d0c9 Mon Sep 17 00:00:00 2001 +From: Olga Kornievskaia +Date: Thu, 21 Aug 2025 16:31:46 -0400 +Subject: nfsd: nfserr_jukebox in nlm_fopen should lead to a retry + +From: Olga Kornievskaia + +commit a082e4b4d08a4a0e656d90c2c05da85f23e6d0c9 upstream. + +When v3 NLM request finds a conflicting delegation, it triggers +a delegation recall and nfsd_open fails with EAGAIN. nfsd_open +then translates EAGAIN into nfserr_jukebox. In nlm_fopen, instead +of returning nlm_failed for when there is a conflicting delegation, +drop this NLM request so that the client retries. Once delegation +is recalled and if a local lock is claimed, a retry would lead to +nfsd returning a nlm_lck_blocked error or a successful nlm lock. + +Fixes: d343fce148a4 ("[PATCH] knfsd: Allow lockd to drop replies as appropriate") +Cc: stable@vger.kernel.org # v6.6 +Signed-off-by: Olga Kornievskaia +Signed-off-by: Chuck Lever +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfsd/lockd.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +--- a/fs/nfsd/lockd.c ++++ b/fs/nfsd/lockd.c +@@ -48,6 +48,21 @@ nlm_fopen(struct svc_rqst *rqstp, struct + switch (nfserr) { + case nfs_ok: + return 0; ++ case nfserr_jukebox: ++ /* this error can indicate a presence of a conflicting ++ * delegation to an NLM lock request. Options are: ++ * (1) For now, drop this request and make the client ++ * retry. When delegation is returned, client's lock retry ++ * will complete. ++ * (2) NLM4_DENIED as per "spec" signals to the client ++ * that the lock is unavailable now but client can retry. ++ * Linux client implementation does not. It treats ++ * NLM4_DENIED same as NLM4_FAILED and errors the request. ++ * (3) For the future, treat this as blocked lock and try ++ * to callback when the delegation is returned but might ++ * not have a proper lock request to block on. ++ */ ++ fallthrough; + case nfserr_dropit: + return nlm_drop_reply; + case nfserr_stale: diff --git a/queue-5.10/selftests-mptcp-join-validate-c-flag-def-limit.patch b/queue-5.10/selftests-mptcp-join-validate-c-flag-def-limit.patch new file mode 100644 index 0000000000..e82d785935 --- /dev/null +++ b/queue-5.10/selftests-mptcp-join-validate-c-flag-def-limit.patch @@ -0,0 +1,59 @@ +From 008385efd05e04d8dff299382df2e8be0f91d8a0 Mon Sep 17 00:00:00 2001 +From: "Matthieu Baerts (NGI0)" +Date: Thu, 25 Sep 2025 12:32:37 +0200 +Subject: selftests: mptcp: join: validate C-flag + def limit + +From: Matthieu Baerts (NGI0) + +commit 008385efd05e04d8dff299382df2e8be0f91d8a0 upstream. + +The previous commit adds an exception for the C-flag case. The +'mptcp_join.sh' selftest is extended to validate this case. + +In this subtest, there is a typical CDN deployment with a client where +MPTCP endpoints have been 'automatically' configured: + +- the server set net.mptcp.allow_join_initial_addr_port=0 + +- the client has multiple 'subflow' endpoints, and the default limits: + not accepting ADD_ADDRs. + +Without the parent patch, the client is not able to establish new +subflows using its 'subflow' endpoints. The parent commit fixes that. + +The 'Fixes' tag here below is the same as the one from the previous +commit: this patch here is not fixing anything wrong in the selftests, +but it validates the previous fix for an issue introduced by this commit +ID. + +Fixes: df377be38725 ("mptcp: add deny_join_id0 in mptcp_options_received") +Cc: stable@vger.kernel.org +Reviewed-by: Geliang Tang +Signed-off-by: Matthieu Baerts (NGI0) +Link: https://patch.msgid.link/20250925-net-next-mptcp-c-flag-laminar-v1-2-ad126cc47c6b@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/tools/testing/selftests/net/mptcp/mptcp_join.sh ++++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh +@@ -425,6 +425,17 @@ chk_rm_nr() + echo Client ns stats + ip netns exec $ns2 nstat -as | grep MPTcp + fi ++ ++ # default limits, server deny join id 0 + signal ++ if reset_with_allow_join_id0 "default limits, server deny join id 0" 0 1; then ++ pm_nl_set_limits $ns1 0 2 ++ pm_nl_set_limits $ns2 0 2 ++ pm_nl_add_endpoint $ns1 10.0.2.1 flags signal ++ pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow ++ pm_nl_add_endpoint $ns2 10.0.4.2 flags subflow ++ run_tests $ns1 $ns2 10.0.1.1 ++ chk_join_nr 2 2 2 ++ fi + } + + sin=$(mktemp) diff --git a/queue-5.10/series b/queue-5.10/series index 63079b5be5..09a3be858d 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -164,3 +164,6 @@ pci-tegra194-fix-broken-tegra_pcie_ep_raise_msi_irq.patch spi-cadence-quadspi-flush-posted-register-writes-before-indac-access.patch x86-umip-check-that-the-instruction-opcode-is-at-least-two-bytes.patch x86-umip-fix-decoding-of-register-forms-of-0f-01-sgdt-and-sidt-aliases.patch +selftests-mptcp-join-validate-c-flag-def-limit.patch +nfsd-fix-destination-buffer-size-in-nfsd4_ssc_setup_dul.patch +nfsd-nfserr_jukebox-in-nlm_fopen-should-lead-to-a-retry.patch -- 2.47.3