From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
X-Cyrus-Session-Id: sloti22d1t05-4000417-1517256776-2-2300812246329128991
X-Sieve: CMU Sieve 3.0
X-Spam-known-sender: no
X-Spam-score: 0.0
X-Spam-hits: BAYES_00 -1.9, HEADER_FROM_DIFFERENT_DOMAINS 0.001, ME_NOAUTH 0.01,
  RCVD_IN_DNSWL_HI -5, T_RP_MATCHES_RCVD -0.01, LANGUAGES en,
  BAYES_USED global, SA_VERSION 3.4.0
X-Spam-source: IP='209.132.180.67', Host='vger.kernel.org', Country='US',
  FromHeader='org', MailFrom='org'
X-Spam-charsets: plain='UTF-8'
X-Resolved-to: greg@kroah.com
X-Delivered-to: greg@kroah.com
X-Mail-from: stable-owner@vger.kernel.org
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=arctest;
    t=1517256775; b=eABF/y2jTjs9fCubYV2ug4MwkUj2TyWzwScDQYSg1+nVuFs
    ItdXIWUq086kaN/dBrRFN4ln2q1sZ0zBLpQdIEd5U8Bw35Ke3Av8lSNdaubOKLU+
    6rTHWncO4e9qwRV3Fx83zaczctpwjY3dTdUo5KNu/uwiMN4D+X7zB3zWHVtasnAS
    oMJwEV8WrKH0bFQ26xYd013i+TjWjFIuUQEyolY2bSZhHKjhpJPOgUa/vYiAgdXv
    YJXKHJAUcjieRCWOg4L0fDUq6x0rWrUzrLXVyKDwAdTlyy2SBaL8Kj282gQbT28U
    I3ZauBVM3KMpXRkAYYIdQWPjD8bVLst6tKVyVFQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
    messagingengine.com; h=from:to:cc:subject:date:message-id
    :in-reply-to:references:mime-version:content-type:sender
    :list-id; s=arctest; t=1517256775; bh=eamesSzjDBzDij8FZmFc8E+MWK
    DeEEJ1fxNvK+F+tck=; b=a+5ivB8QCKrj6QdpChEuOdV4aBgzL+AtWuVTNxbFNt
    SjKlEbW76e6z3nAAe43GnWgvEBZOPapTmBWEkXQofEiP8XFXWOd0TBi8W4X/vTSI
    bZMRdnsCxnjvxTza0zDaxuGH1quMDpW6J9fBMTbnPAbXB32qYD+UUik6SN5I4x/i
    gIsqSG8oCEe503ISw5Y5V9Xr/xfbMrBc/KQhBDMsQuuc2HwD8F3SptxCwDbZWS88
    S3z+0nb9Yoct+RwduTzODiQVH0YjhfrXm0XpNC3eu4/7zrL62oBqLo5As108d9Oi
    spZPlkeRkJpjEow/GlnRjJcOFH0ZU6X9IrPowEKH8aNA==
ARC-Authentication-Results: i=1; mx4.messagingengine.com; arc=none (no signatures found);
    dkim=none (no signatures found);
    dmarc=none (p=none,has-list-id=yes,d=none) header.from=linuxfoundation.org;
    iprev=pass policy.iprev=209.132.180.67 (vger.kernel.org);
    spf=none smtp.mailfrom=stable-owner@vger.kernel.org smtp.helo=vger.kernel.org;
    x-aligned-from=fail;
    x-ptr=pass x-ptr-helo=vger.kernel.org x-ptr-lookup=vger.kernel.org;
    x-return-mx=pass smtp.domain=vger.kernel.org smtp.result=pass smtp_org.domain=kernel.org smtp_org.result=pass smtp_is_org_domain=no header.domain=linuxfoundation.org header.result=pass header_is_org_domain=yes
Authentication-Results: mx4.messagingengine.com;
    arc=none (no signatures found);
    dkim=none (no signatures found);
    dmarc=none (p=none,has-list-id=yes,d=none) header.from=linuxfoundation.org;
    iprev=pass policy.iprev=209.132.180.67 (vger.kernel.org);
    spf=none smtp.mailfrom=stable-owner@vger.kernel.org smtp.helo=vger.kernel.org;
    x-aligned-from=fail;
    x-ptr=pass x-ptr-helo=vger.kernel.org x-ptr-lookup=vger.kernel.org;
    x-return-mx=pass smtp.domain=vger.kernel.org smtp.result=pass smtp_org.domain=kernel.org smtp_org.result=pass smtp_is_org_domain=no header.domain=linuxfoundation.org header.result=pass header_is_org_domain=yes
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753991AbeA2UMw (ORCPT <rfc822;greg@kroah.com>);
        Mon, 29 Jan 2018 15:12:52 -0500
Received: from mail.linuxfoundation.org ([140.211.169.12]:35988 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753489AbeA2UMv (ORCPT
        <rfc822;stable@vger.kernel.org>); Mon, 29 Jan 2018 15:12:51 -0500
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Martin Brandenburg <martin@omnibond.com>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.14 02/71] orangefs: initialize op on loop restart in orangefs_devreq_read
Date: Mon, 29 Jan 2018 13:56:30 +0100
Message-Id: <20180129123827.486989889@linuxfoundation.org>
X-Mailer: git-send-email 2.16.1
In-Reply-To: <20180129123827.271171825@linuxfoundation.org>
References: <20180129123827.271171825@linuxfoundation.org>
User-Agent: quilt/0.65
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: stable-owner@vger.kernel.org
X-Mailing-List: stable@vger.kernel.org
X-getmail-retrieved-from-mailbox: INBOX
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Martin Brandenburg <martin@omnibond.com>

commit a0ec1ded22e6a6bc41981fae22406835b006a66e upstream.

In orangefs_devreq_read, there is a loop which picks an op off the list
of pending ops.  If the loop fails to find an op, there is nothing to
read, and it returns EAGAIN.  If the op has been given up on, the loop
is restarted via a goto.  The bug is that the variable which the found
op is written to is not reinitialized, so if there are no more eligible
ops on the list, the code runs again on the already handled op.

This is triggered by interrupting a process while the op is being copied
to the client-core.  It's a fairly small window, but it's there.

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/orangefs/devorangefs-req.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/orangefs/devorangefs-req.c
+++ b/fs/orangefs/devorangefs-req.c
@@ -162,7 +162,7 @@ static ssize_t orangefs_devreq_read(stru
 	struct orangefs_kernel_op_s *op, *temp;
 	__s32 proto_ver = ORANGEFS_KERNEL_PROTO_VERSION;
 	static __s32 magic = ORANGEFS_DEVREQ_MAGIC;
-	struct orangefs_kernel_op_s *cur_op = NULL;
+	struct orangefs_kernel_op_s *cur_op;
 	unsigned long ret;
 
 	/* We do not support blocking IO. */
@@ -186,6 +186,7 @@ static ssize_t orangefs_devreq_read(stru
 		return -EAGAIN;
 
 restart:
+	cur_op = NULL;
 	/* Get next op (if any) from top of list. */
 	spin_lock(&orangefs_request_list_lock);
 	list_for_each_entry_safe(op, temp, &orangefs_request_list, list) {