* [PATCH] sunrpc: fix assignment of to_retries in svc_process_bc
@ 2024-01-29 16:43 Jeff Layton
2024-01-29 16:52 ` Benjamin Coddington
0 siblings, 1 reply; 6+ messages in thread
From: Jeff Layton @ 2024-01-29 16:43 UTC (permalink / raw)
To: Chuck Lever, Neil Brown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
Trond Myklebust, Anna Schumaker, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Benjamin Coddington
Cc: Anna Schumaker, linux-nfs, netdev, linux-kernel, Alexander Aring,
Jeff Layton
Alex reported seeing this:
[ 18.238266] ------------[ cut here ]------------
[ 18.239286] UBSAN: shift-out-of-bounds in net/sunrpc/xprt.c:660:14
[ 18.240699] shift exponent 60000 is too large for 64-bit type 'long unsigned int'
[ 18.242277] CPU: 1 PID: 290 Comm: NFSv4 callback Not tainted 6.8.0-rc1devtest5+ #5814
[ 18.243846] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-4.module+el8.9.0+19570+14a90618 04/01/2014
[ 18.245460] Call Trace:
[ 18.245855] <TASK>
[ 18.246200] dump_stack_lvl+0x93/0xb0
[ 18.246785] dump_stack+0x10/0x20
[ 18.247308] ubsan_epilogue+0x9/0x40
[ 18.247875] __ubsan_handle_shift_out_of_bounds+0x110/0x170
[ 18.248727] ? ktime_get+0x130/0x2a0
[ 18.249317] xprt_calc_majortimeo.isra.13.cold.45+0x12/0x23
[ 18.250184] xprt_init_majortimeo.isra.27+0x9c/0x150
[ 18.251062] xprt_init_bc_request+0xc1/0xd0
[ 18.251728] rpc_run_bc_task+0xd3/0x1b0
[ 18.252328] ? __pfx_rpc_run_bc_task+0x10/0x10
[ 18.253045] ? __this_cpu_preempt_check+0x13/0x20
[ 18.253780] ? xdr_inline_decode+0x5b/0x260
[ 18.254447] svc_process_bc+0x3b2/0x4d0
[ 18.255069] ? __pfx_svc_process_bc+0x10/0x10
[ 18.255755] ? __lwq_dequeue+0x5c/0xe0
[ 18.256350] ? __kasan_check_read+0x11/0x20
[ 18.257002] ? svc_thread_should_sleep+0x15d/0x190
[ 18.257754] ? svc_recv+0x918/0x13b0
[ 18.258321] svc_recv+0xa7e/0x13b0
[ 18.258892] nfs4_callback_svc+0x53/0xb0
[ 18.259508] ? __pfx_nfs4_callback_svc+0x10/0x10
[ 18.260227] kthread+0x1c2/0x210
[ 18.260744] ? kthread+0x103/0x210
[ 18.261278] ? __pfx_kthread+0x10/0x10
[ 18.261872] ret_from_fork+0x3a/0x50
[ 18.262433] ? __pfx_kthread+0x10/0x10
[ 18.263024] ret_from_fork_asm+0x1b/0x30
[ 18.263684] </TASK>
[ 18.264348] ---[ end trace ]---
to_initval can be very large and cause a shift overflow later. Ensure we
copy the correct value into to_retries.
Cc: Benjamin Coddington <bcodding@redhat.com>
Reported-by: Alexander Aring <aahringo@redhat.com>
Fixes: 57331a59ac0d NFSv4.1: Use the nfs_client's rpc timeouts for backchannel
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
net/sunrpc/svc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index f60c93e5a25d..d86bf5b051fa 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -1598,7 +1598,7 @@ void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp)
/* Finally, send the reply synchronously */
if (rqstp->bc_to_initval > 0) {
timeout.to_initval = rqstp->bc_to_initval;
- timeout.to_retries = rqstp->bc_to_initval;
+ timeout.to_retries = rqstp->bc_to_retries;
} else {
timeout.to_initval = req->rq_xprt->timeout->to_initval;
timeout.to_initval = req->rq_xprt->timeout->to_retries;
---
base-commit: 41bccc98fb7931d63d03f326a746ac4d429c1dd3
change-id: 20240129-nfsd-fixes-0d95718a0bca
Best regards,
--
Jeff Layton <jlayton@kernel.org>
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH] sunrpc: fix assignment of to_retries in svc_process_bc
2024-01-29 16:43 [PATCH] sunrpc: fix assignment of to_retries in svc_process_bc Jeff Layton
@ 2024-01-29 16:52 ` Benjamin Coddington
2024-01-29 16:55 ` Chuck Lever III
2024-01-29 16:59 ` Jeff Layton
0 siblings, 2 replies; 6+ messages in thread
From: Benjamin Coddington @ 2024-01-29 16:52 UTC (permalink / raw)
To: Jeff Layton
Cc: Chuck Lever, Neil Brown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
Trond Myklebust, Anna Schumaker, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Anna Schumaker, linux-nfs, netdev,
linux-kernel, Alexander Aring
On 29 Jan 2024, at 11:43, Jeff Layton wrote:
> Alex reported seeing this:
>
> [ 18.238266] ------------[ cut here ]------------
> ...
This one got fixed already, just waiting for a maintainer to send it along:
https://lore.kernel.org/linux-nfs/20240123053509.3592653-1-samasth.norway.ananda@oracle.com/
Ben
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] sunrpc: fix assignment of to_retries in svc_process_bc
2024-01-29 16:52 ` Benjamin Coddington
@ 2024-01-29 16:55 ` Chuck Lever III
2024-01-29 16:59 ` Benjamin Coddington
2024-01-29 16:59 ` Jeff Layton
1 sibling, 1 reply; 6+ messages in thread
From: Chuck Lever III @ 2024-01-29 16:55 UTC (permalink / raw)
To: Benjamin Coddington
Cc: Jeff Layton, Neil Brown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
Trond Myklebust, Anna Schumaker, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Anna Schumaker,
Linux NFS Mailing List, open list:NETWORKING [GENERAL],
linux-kernel@vger.kernel.org, Alexander Aring
> On Jan 29, 2024, at 11:52 AM, Benjamin Coddington <bcodding@redhat.com> wrote:
>
> On 29 Jan 2024, at 11:43, Jeff Layton wrote:
>
>> Alex reported seeing this:
>>
>> [ 18.238266] ------------[ cut here ]------------
>> ...
>
> This one got fixed already, just waiting for a maintainer to send it along:
>
> https://lore.kernel.org/linux-nfs/20240123053509.3592653-1-samasth.norway.ananda@oracle.com/
Ah. That touches net/sunrpc/svc.c, but it was sent to the client maintainers.
Do you want me to take it through the nfsd tree?
--
Chuck Lever
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] sunrpc: fix assignment of to_retries in svc_process_bc
2024-01-29 16:55 ` Chuck Lever III
@ 2024-01-29 16:59 ` Benjamin Coddington
2024-01-29 17:02 ` Chuck Lever III
0 siblings, 1 reply; 6+ messages in thread
From: Benjamin Coddington @ 2024-01-29 16:59 UTC (permalink / raw)
To: Chuck Lever III
Cc: Jeff Layton, Neil Brown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
Trond Myklebust, Anna Schumaker, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Anna Schumaker,
Linux NFS Mailing List, open list:NETWORKING [GENERAL],
linux-kernel, Alexander Aring
On 29 Jan 2024, at 11:55, Chuck Lever III wrote:
>> On Jan 29, 2024, at 11:52 AM, Benjamin Coddington <bcodding@redhat.com> wrote:
>>
>> On 29 Jan 2024, at 11:43, Jeff Layton wrote:
>>
>>> Alex reported seeing this:
>>>
>>> [ 18.238266] ------------[ cut here ]------------
>>> ...
>>
>> This one got fixed already, just waiting for a maintainer to send it along:
>>
>> https://lore.kernel.org/linux-nfs/20240123053509.3592653-1-samasth.norway.ananda@oracle.com/
>
> Ah. That touches net/sunrpc/svc.c, but it was sent to the client maintainers.
>
> Do you want me to take it through the nfsd tree?
Oh yeah if you like, not sure how you want to sort it between the because
even though its in svc.c, its a client fix; this code is specific for the
client's backchannel.
Note the version on this thread misses the 2nd typo.
Ben
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] sunrpc: fix assignment of to_retries in svc_process_bc
2024-01-29 16:59 ` Benjamin Coddington
@ 2024-01-29 17:02 ` Chuck Lever III
0 siblings, 0 replies; 6+ messages in thread
From: Chuck Lever III @ 2024-01-29 17:02 UTC (permalink / raw)
To: Benjamin Coddington
Cc: Jeff Layton, Neil Brown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
Trond Myklebust, Anna Schumaker, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Anna Schumaker,
Linux NFS Mailing List, open list:NETWORKING [GENERAL],
Linux Kernel Mailing List, Alexander Aring
> On Jan 29, 2024, at 11:59 AM, Benjamin Coddington <bcodding@redhat.com> wrote:
>
> On 29 Jan 2024, at 11:55, Chuck Lever III wrote:
>
>>> On Jan 29, 2024, at 11:52 AM, Benjamin Coddington <bcodding@redhat.com> wrote:
>>>
>>> On 29 Jan 2024, at 11:43, Jeff Layton wrote:
>>>
>>>> Alex reported seeing this:
>>>>
>>>> [ 18.238266] ------------[ cut here ]------------
>>>> ...
>>>
>>> This one got fixed already, just waiting for a maintainer to send it along:
>>>
>>> https://lore.kernel.org/linux-nfs/20240123053509.3592653-1-samasth.norway.ananda@oracle.com/
>>
>> Ah. That touches net/sunrpc/svc.c, but it was sent to the client maintainers.
>>
>> Do you want me to take it through the nfsd tree?
>
> Oh yeah if you like, not sure how you want to sort it between the because
> even though its in svc.c, its a client fix; this code is specific for the
> client's backchannel.
I'll add to nfsd-fixes.
> Note the version on this thread misses the 2nd typo.
Ack.
--
Chuck Lever
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] sunrpc: fix assignment of to_retries in svc_process_bc
2024-01-29 16:52 ` Benjamin Coddington
2024-01-29 16:55 ` Chuck Lever III
@ 2024-01-29 16:59 ` Jeff Layton
1 sibling, 0 replies; 6+ messages in thread
From: Jeff Layton @ 2024-01-29 16:59 UTC (permalink / raw)
To: Benjamin Coddington
Cc: Chuck Lever, Neil Brown, Olga Kornievskaia, Dai Ngo, Tom Talpey,
Trond Myklebust, Anna Schumaker, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Anna Schumaker, linux-nfs, netdev,
linux-kernel, Alexander Aring
On Mon, 2024-01-29 at 11:52 -0500, Benjamin Coddington wrote:
> On 29 Jan 2024, at 11:43, Jeff Layton wrote:
>
> > Alex reported seeing this:
> >
> > [ 18.238266] ------------[ cut here ]------------
> > ...
>
> This one got fixed already, just waiting for a maintainer to send it along:
>
> https://lore.kernel.org/linux-nfs/20240123053509.3592653-1-samasth.norway.ananda@oracle.com/
>
Sorry for the noise. You can just drop mine.
--
Jeff Layton <jlayton@kernel.org>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-01-29 17:02 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-29 16:43 [PATCH] sunrpc: fix assignment of to_retries in svc_process_bc Jeff Layton
2024-01-29 16:52 ` Benjamin Coddington
2024-01-29 16:55 ` Chuck Lever III
2024-01-29 16:59 ` Benjamin Coddington
2024-01-29 17:02 ` Chuck Lever III
2024-01-29 16:59 ` Jeff Layton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox