From bc9d8b0aec5eedbef59de86766665187ec35e196 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sun, 3 Nov 2024 15:24:38 -0500 Subject: [PATCH] Fixes for 6.11 Signed-off-by: Sasha Levin --- ...initialize-struct-nfsd4_copy-earlier.patch | 48 +++++++++++++++++++ ...rement-pending_async_copies-on-error.patch | 39 +++++++++++++++ ...elease-the-rpcrdma_device-s-xa_array.patch | 37 ++++++++++++++ queue-6.11/series | 3 ++ 4 files changed, 127 insertions(+) create mode 100644 queue-6.11/nfsd-initialize-struct-nfsd4_copy-earlier.patch create mode 100644 queue-6.11/nfsd-never-decrement-pending_async_copies-on-error.patch create mode 100644 queue-6.11/rpcrdma-always-release-the-rpcrdma_device-s-xa_array.patch diff --git a/queue-6.11/nfsd-initialize-struct-nfsd4_copy-earlier.patch b/queue-6.11/nfsd-initialize-struct-nfsd4_copy-earlier.patch new file mode 100644 index 00000000000..3ed580cf24c --- /dev/null +++ b/queue-6.11/nfsd-initialize-struct-nfsd4_copy-earlier.patch @@ -0,0 +1,48 @@ +From 99d6671cbed2cce39028a90463a177597deb5fc3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 26 Oct 2024 12:02:38 -0400 +Subject: NFSD: Initialize struct nfsd4_copy earlier + +From: Chuck Lever + +[ Upstream commit 63fab04cbd0f96191b6e5beedc3b643b01c15889 ] + +Ensure the refcount and async_copies fields are initialized early. +cleanup_async_copy() will reference these fields if an error occurs +in nfsd4_copy(). If they are not correctly initialized, at the very +least, a refcount underflow occurs. + +Reported-by: Olga Kornievskaia +Fixes: aadc3bbea163 ("NFSD: Limit the number of concurrent async COPY operations") +Reviewed-by: Jeff Layton +Tested-by: Olga Kornievskaia +Signed-off-by: Chuck Lever +Signed-off-by: Sasha Levin +--- + fs/nfsd/nfs4proc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c +index 5768b2ff1d1d1..81a1e3bf06b97 100644 +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -1838,14 +1838,14 @@ nfsd4_copy(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, + if (!async_copy) + goto out_err; + async_copy->cp_nn = nn; ++ INIT_LIST_HEAD(&async_copy->copies); ++ refcount_set(&async_copy->refcount, 1); + /* Arbitrary cap on number of pending async copy operations */ + if (atomic_inc_return(&nn->pending_async_copies) > + (int)rqstp->rq_pool->sp_nrthreads) { + atomic_dec(&nn->pending_async_copies); + goto out_err; + } +- INIT_LIST_HEAD(&async_copy->copies); +- refcount_set(&async_copy->refcount, 1); + async_copy->cp_src = kmalloc(sizeof(*async_copy->cp_src), GFP_KERNEL); + if (!async_copy->cp_src) + goto out_err; +-- +2.43.0 + diff --git a/queue-6.11/nfsd-never-decrement-pending_async_copies-on-error.patch b/queue-6.11/nfsd-never-decrement-pending_async_copies-on-error.patch new file mode 100644 index 00000000000..4906a7c644e --- /dev/null +++ b/queue-6.11/nfsd-never-decrement-pending_async_copies-on-error.patch @@ -0,0 +1,39 @@ +From 0fd07d8a88acd45df2ca40b18e81638f2f527d38 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 29 Oct 2024 15:27:19 -0400 +Subject: NFSD: Never decrement pending_async_copies on error + +From: Chuck Lever + +[ Upstream commit 8286f8b622990194207df9ab852e0f87c60d35e9 ] + +The error flow in nfsd4_copy() calls cleanup_async_copy(), which +already decrements nn->pending_async_copies. + +Reported-by: Olga Kornievskaia +Fixes: aadc3bbea163 ("NFSD: Limit the number of concurrent async COPY operations") +Signed-off-by: Chuck Lever +Signed-off-by: Sasha Levin +--- + fs/nfsd/nfs4proc.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c +index 81a1e3bf06b97..8b78d493e301f 100644 +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -1842,10 +1842,8 @@ nfsd4_copy(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, + refcount_set(&async_copy->refcount, 1); + /* Arbitrary cap on number of pending async copy operations */ + if (atomic_inc_return(&nn->pending_async_copies) > +- (int)rqstp->rq_pool->sp_nrthreads) { +- atomic_dec(&nn->pending_async_copies); ++ (int)rqstp->rq_pool->sp_nrthreads) + goto out_err; +- } + async_copy->cp_src = kmalloc(sizeof(*async_copy->cp_src), GFP_KERNEL); + if (!async_copy->cp_src) + goto out_err; +-- +2.43.0 + diff --git a/queue-6.11/rpcrdma-always-release-the-rpcrdma_device-s-xa_array.patch b/queue-6.11/rpcrdma-always-release-the-rpcrdma_device-s-xa_array.patch new file mode 100644 index 00000000000..ea4b4e620c0 --- /dev/null +++ b/queue-6.11/rpcrdma-always-release-the-rpcrdma_device-s-xa_array.patch @@ -0,0 +1,37 @@ +From ed40d614ff243ccfca53ae6118ee3c4b1b841831 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Oct 2024 16:11:30 -0400 +Subject: rpcrdma: Always release the rpcrdma_device's xa_array + +From: Chuck Lever + +[ Upstream commit 63a81588cd2025e75fbaf30b65930b76825c456f ] + +Dai pointed out that the xa_init_flags() in rpcrdma_add_one() needs +to have a matching xa_destroy() in rpcrdma_remove_one() to release +underlying memory that the xarray might have accrued during +operation. + +Reported-by: Dai Ngo +Fixes: 7e86845a0346 ("rpcrdma: Implement generic device removal") +Signed-off-by: Chuck Lever +Signed-off-by: Sasha Levin +--- + net/sunrpc/xprtrdma/ib_client.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/sunrpc/xprtrdma/ib_client.c b/net/sunrpc/xprtrdma/ib_client.c +index 8507cd4d89217..28c68b5f68238 100644 +--- a/net/sunrpc/xprtrdma/ib_client.c ++++ b/net/sunrpc/xprtrdma/ib_client.c +@@ -153,6 +153,7 @@ static void rpcrdma_remove_one(struct ib_device *device, + } + + trace_rpcrdma_client_remove_one_done(device); ++ xa_destroy(&rd->rd_xa); + kfree(rd); + } + +-- +2.43.0 + diff --git a/queue-6.11/series b/queue-6.11/series index 82a36c9390d..ccfd7bc73d9 100644 --- a/queue-6.11/series +++ b/queue-6.11/series @@ -108,3 +108,6 @@ thermal-intel-int340x-processor-add-mmio-rapl-pl4-su.patch net-amd-mvme147-fix-probe-banner-message.patch nfs-remove-revoked-delegation-from-server-s-delegati.patch misc-sgi-gru-don-t-disable-preemption-in-gru-driver.patch +nfsd-initialize-struct-nfsd4_copy-earlier.patch +nfsd-never-decrement-pending_async_copies-on-error.patch +rpcrdma-always-release-the-rpcrdma_device-s-xa_array.patch -- 2.47.3