NFS client bugfixes for Linux 3.9
- Stable fix for memory corruption issues in nfs4[01]_walk_client_list - Stable fix for an Oopsable bug in rpc_clone_client - Another state manager deadlock in the NFSv4 open code - Memory leaks in nfs4_discover_server_trunking and rpc_new_client -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAABAgAGBQJRZYu9AAoJEGcL54qWCgDySfwP/R2IdO2nfRzmDCPtvD6pPg8T l8Gf97Z/8A3g6WwfvmKNt48D1fKnhAcOaKTZQIZuZePAjI/Yy74DFMof6paiDmsO 8hMcZgvunZotPwmBmhIwmLOxDYgbpdizDBlITsimnUQLrv78bMw2F/cNCcThYgTI Q4sNpZsl4kk1nmOYK/tGBCCkq6mIQhc95QeQPgnl2B/NozpZiIqgzrpWpSWMofn2 cuSLiuEdmpCdJbgQaPEjSWf+doo/nBn720+Xj2RjmLhTTnWUtAsouElAdMs96Jjz cEhSll3nLIygr1xdFF7CD8qFjpbtg/YNhKw3HBCFAgHjrAjr+a3N+eHQOz9QQ6W4 5OL3Mj0VEkvMrK1Sy76smynQJMJhrsn852Zo2wK2mCp+mHNZlBlML529Y4PJy2Ba Up4MteIaOTpKGSnBdzWmqPqro9glqlhrUk/o3XipCzIziWC8yDYjl2J9Ez8B7Ren uzvBeevYRX9AmQlmZUAPvx8+xVqA6cr0X2q8/6PqPnrNXP6Ff8+rm6gvH4VozyzJ qd/r7Bf1ozFXxoKQOztSiGjI5YiBp4DRXycR5td6eF3nZJipmbxY+WKllhaAakn6 UY2NsGX2zfxkJMltqd2/xRmHtN+Eif1Uoo35pvzNxzBtPsRxBMIiPhGLglQu98Yj 2NuwfT4//UNfS6JlBe6E =kBf2 -----END PGP SIGNATURE----- Merge tag 'nfs-for-3.9-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs Pull NFS client bugfixes from Trond Myklebust: - fix for memory corruption issues in nfs4[01]_walk_client_list (stable) - fix for an Oopsable bug in rpc_clone_client (stable) - another state manager deadlock in the NFSv4 open code - memory leaks in nfs4_discover_server_trunking and rpc_new_client * tag 'nfs-for-3.9-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFSv4: Fix another potential state manager deadlock SUNRPC: Fix a potential memory leak in rpc_new_client NFSv4/4.1: Fix bugs in nfs4[01]_walk_client_list NFSv4: Fix a memory leak in nfs4_discover_server_trunking SUNRPC: Remove extra xprt_put()
This commit is contained in:
Linus Torvalds
commit
f94eeb423b
|
|
@ -300,7 +300,7 @@ int nfs40_walk_client_list(struct nfs_client *new,
|
||||||
struct rpc_cred *cred)
|
struct rpc_cred *cred)
|
||||||
{
|
{
|
||||||
struct nfs_net *nn = net_generic(new->cl_net, nfs_net_id);
|
struct nfs_net *nn = net_generic(new->cl_net, nfs_net_id);
|
||||||
struct nfs_client *pos, *n, *prev = NULL;
|
struct nfs_client *pos, *prev = NULL;
|
||||||
struct nfs4_setclientid_res clid = {
|
struct nfs4_setclientid_res clid = {
|
||||||
.clientid = new->cl_clientid,
|
.clientid = new->cl_clientid,
|
||||||
.confirm = new->cl_confirm,
|
.confirm = new->cl_confirm,
|
||||||
|
|
@ -308,10 +308,23 @@ int nfs40_walk_client_list(struct nfs_client *new,
|
||||||
int status = -NFS4ERR_STALE_CLIENTID;
|
int status = -NFS4ERR_STALE_CLIENTID;
|
||||||
|
|
||||||
spin_lock(&nn->nfs_client_lock);
|
spin_lock(&nn->nfs_client_lock);
|
||||||
list_for_each_entry_safe(pos, n, &nn->nfs_client_list, cl_share_link) {
|
list_for_each_entry(pos, &nn->nfs_client_list, cl_share_link) {
|
||||||
/* If "pos" isn't marked ready, we can't trust the
|
/* If "pos" isn't marked ready, we can't trust the
|
||||||
* remaining fields in "pos" */
|
* remaining fields in "pos" */
|
||||||
if (pos->cl_cons_state < NFS_CS_READY)
|
if (pos->cl_cons_state > NFS_CS_READY) {
|
||||||
|
atomic_inc(&pos->cl_count);
|
||||||
|
spin_unlock(&nn->nfs_client_lock);
|
||||||
|
|
||||||
|
if (prev)
|
||||||
|
nfs_put_client(prev);
|
||||||
|
prev = pos;
|
||||||
|
|
||||||
|
status = nfs_wait_client_init_complete(pos);
|
||||||
|
spin_lock(&nn->nfs_client_lock);
|
||||||
|
if (status < 0)
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (pos->cl_cons_state != NFS_CS_READY)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (pos->rpc_ops != new->rpc_ops)
|
if (pos->rpc_ops != new->rpc_ops)
|
||||||
|
|
@ -423,16 +436,16 @@ int nfs41_walk_client_list(struct nfs_client *new,
|
||||||
struct rpc_cred *cred)
|
struct rpc_cred *cred)
|
||||||
{
|
{
|
||||||
struct nfs_net *nn = net_generic(new->cl_net, nfs_net_id);
|
struct nfs_net *nn = net_generic(new->cl_net, nfs_net_id);
|
||||||
struct nfs_client *pos, *n, *prev = NULL;
|
struct nfs_client *pos, *prev = NULL;
|
||||||
int status = -NFS4ERR_STALE_CLIENTID;
|
int status = -NFS4ERR_STALE_CLIENTID;
|
||||||
|
|
||||||
spin_lock(&nn->nfs_client_lock);
|
spin_lock(&nn->nfs_client_lock);
|
||||||
list_for_each_entry_safe(pos, n, &nn->nfs_client_list, cl_share_link) {
|
list_for_each_entry(pos, &nn->nfs_client_list, cl_share_link) {
|
||||||
/* If "pos" isn't marked ready, we can't trust the
|
/* If "pos" isn't marked ready, we can't trust the
|
||||||
* remaining fields in "pos", especially the client
|
* remaining fields in "pos", especially the client
|
||||||
* ID and serverowner fields. Wait for CREATE_SESSION
|
* ID and serverowner fields. Wait for CREATE_SESSION
|
||||||
* to finish. */
|
* to finish. */
|
||||||
if (pos->cl_cons_state < NFS_CS_READY) {
|
if (pos->cl_cons_state > NFS_CS_READY) {
|
||||||
atomic_inc(&pos->cl_count);
|
atomic_inc(&pos->cl_count);
|
||||||
spin_unlock(&nn->nfs_client_lock);
|
spin_unlock(&nn->nfs_client_lock);
|
||||||
|
|
||||||
|
|
@ -440,18 +453,17 @@ int nfs41_walk_client_list(struct nfs_client *new,
|
||||||
nfs_put_client(prev);
|
nfs_put_client(prev);
|
||||||
prev = pos;
|
prev = pos;
|
||||||
|
|
||||||
nfs4_schedule_lease_recovery(pos);
|
|
||||||
status = nfs_wait_client_init_complete(pos);
|
status = nfs_wait_client_init_complete(pos);
|
||||||
if (status < 0) {
|
if (status == 0) {
|
||||||
nfs_put_client(pos);
|
nfs4_schedule_lease_recovery(pos);
|
||||||
spin_lock(&nn->nfs_client_lock);
|
status = nfs4_wait_clnt_recover(pos);
|
||||||
continue;
|
|
||||||
}
|
}
|
||||||
status = pos->cl_cons_state;
|
|
||||||
spin_lock(&nn->nfs_client_lock);
|
spin_lock(&nn->nfs_client_lock);
|
||||||
if (status < 0)
|
if (status < 0)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
if (pos->cl_cons_state != NFS_CS_READY)
|
||||||
|
continue;
|
||||||
|
|
||||||
if (pos->rpc_ops != new->rpc_ops)
|
if (pos->rpc_ops != new->rpc_ops)
|
||||||
continue;
|
continue;
|
||||||
|
|
@ -469,17 +481,17 @@ int nfs41_walk_client_list(struct nfs_client *new,
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
atomic_inc(&pos->cl_count);
|
atomic_inc(&pos->cl_count);
|
||||||
spin_unlock(&nn->nfs_client_lock);
|
*result = pos;
|
||||||
dprintk("NFS: <-- %s using nfs_client = %p ({%d})\n",
|
dprintk("NFS: <-- %s using nfs_client = %p ({%d})\n",
|
||||||
__func__, pos, atomic_read(&pos->cl_count));
|
__func__, pos, atomic_read(&pos->cl_count));
|
||||||
|
break;
|
||||||
*result = pos;
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* No matching nfs_client found. */
|
/* No matching nfs_client found. */
|
||||||
spin_unlock(&nn->nfs_client_lock);
|
spin_unlock(&nn->nfs_client_lock);
|
||||||
dprintk("NFS: <-- %s status = %d\n", __func__, status);
|
dprintk("NFS: <-- %s status = %d\n", __func__, status);
|
||||||
|
if (prev)
|
||||||
|
nfs_put_client(prev);
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_NFS_V4_1 */
|
#endif /* CONFIG_NFS_V4_1 */
|
||||||
|
|
|
||||||
|
|
@ -1046,6 +1046,7 @@ static struct nfs4_state *nfs4_try_open_cached(struct nfs4_opendata *opendata)
|
||||||
/* Save the delegation */
|
/* Save the delegation */
|
||||||
nfs4_stateid_copy(&stateid, &delegation->stateid);
|
nfs4_stateid_copy(&stateid, &delegation->stateid);
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
|
nfs_release_seqid(opendata->o_arg.seqid);
|
||||||
ret = nfs_may_open(state->inode, state->owner->so_cred, open_mode);
|
ret = nfs_may_open(state->inode, state->owner->so_cred, open_mode);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
|
||||||
|
|
@ -1886,7 +1886,13 @@ again:
|
||||||
status = PTR_ERR(clnt);
|
status = PTR_ERR(clnt);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
clp->cl_rpcclient = clnt;
|
/* Note: this is safe because we haven't yet marked the
|
||||||
|
* client as ready, so we are the only user of
|
||||||
|
* clp->cl_rpcclient
|
||||||
|
*/
|
||||||
|
clnt = xchg(&clp->cl_rpcclient, clnt);
|
||||||
|
rpc_shutdown_client(clnt);
|
||||||
|
clnt = clp->cl_rpcclient;
|
||||||
goto again;
|
goto again;
|
||||||
|
|
||||||
case -NFS4ERR_MINOR_VERS_MISMATCH:
|
case -NFS4ERR_MINOR_VERS_MISMATCH:
|
||||||
|
|
|
||||||
|
|
@ -304,10 +304,8 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, stru
|
||||||
err = rpciod_up();
|
err = rpciod_up();
|
||||||
if (err)
|
if (err)
|
||||||
goto out_no_rpciod;
|
goto out_no_rpciod;
|
||||||
err = -EINVAL;
|
|
||||||
if (!xprt)
|
|
||||||
goto out_no_xprt;
|
|
||||||
|
|
||||||
|
err = -EINVAL;
|
||||||
if (args->version >= program->nrvers)
|
if (args->version >= program->nrvers)
|
||||||
goto out_err;
|
goto out_err;
|
||||||
version = program->version[args->version];
|
version = program->version[args->version];
|
||||||
|
|
@ -382,10 +380,9 @@ out_no_principal:
|
||||||
out_no_stats:
|
out_no_stats:
|
||||||
kfree(clnt);
|
kfree(clnt);
|
||||||
out_err:
|
out_err:
|
||||||
xprt_put(xprt);
|
|
||||||
out_no_xprt:
|
|
||||||
rpciod_down();
|
rpciod_down();
|
||||||
out_no_rpciod:
|
out_no_rpciod:
|
||||||
|
xprt_put(xprt);
|
||||||
return ERR_PTR(err);
|
return ERR_PTR(err);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -512,7 +509,7 @@ static struct rpc_clnt *__rpc_clone_client(struct rpc_create_args *args,
|
||||||
new = rpc_new_client(args, xprt);
|
new = rpc_new_client(args, xprt);
|
||||||
if (IS_ERR(new)) {
|
if (IS_ERR(new)) {
|
||||||
err = PTR_ERR(new);
|
err = PTR_ERR(new);
|
||||||
goto out_put;
|
goto out_err;
|
||||||
}
|
}
|
||||||
|
|
||||||
atomic_inc(&clnt->cl_count);
|
atomic_inc(&clnt->cl_count);
|
||||||
|
|
@ -525,8 +522,6 @@ static struct rpc_clnt *__rpc_clone_client(struct rpc_create_args *args,
|
||||||
new->cl_chatty = clnt->cl_chatty;
|
new->cl_chatty = clnt->cl_chatty;
|
||||||
return new;
|
return new;
|
||||||
|
|
||||||
out_put:
|
|
||||||
xprt_put(xprt);
|
|
||||||
out_err:
|
out_err:
|
||||||
dprintk("RPC: %s: returned error %d\n", __func__, err);
|
dprintk("RPC: %s: returned error %d\n", __func__, err);
|
||||||
return ERR_PTR(err);
|
return ERR_PTR(err);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue