From: Trond Myklebust <trondmy@primarydata.com>
To: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>
Cc: "kinglongmee@gmail.com" <kinglongmee@gmail.com>,
"Anna.Schumaker@Netapp.com" <Anna.Schumaker@Netapp.com>,
Trond Myklebust <trondmy@primarydata.com>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [PATCH 3.18 14/36] NFSv4: fix a reference leak caused WARNING messages
Date: Mon, 3 Jul 2017 14:33:29 +0000 [thread overview]
Message-ID: <1499092406.79205.1.camel@primarydata.com> (raw)
In-Reply-To: <20170703133256.886693680@linuxfoundation.org>
Hi Greg,
On Mon, 2017-07-03 at 15:34 +0200, Greg Kroah-Hartman wrote:
> 3.18-stable review patch. If anyone has any objections, please let
> me know.
I cannot find commit a974deee477af89411e0f80456bfb344ac433c98 in
v3.18.59, so I think we should probably drop this patch instance.
Thanks for applying it to the newer stable kernels!
Cheers
Trond
>
> ------------------
>
> From: Kinglong Mee <kinglongmee@gmail.com>
>
> commit 366a1569bff3fe14abfdf9285e31e05e091745f5 upstream.
>
> Because nfs4_opendata_access() has close the state when access is
> denied,
> so the state isn't leak.
> Rather than revert the commit a974deee47, I'd like clean the strange
> state close.
>
> [ 1615.094218] ------------[ cut here ]------------
> [ 1615.094607] WARNING: CPU: 0 PID: 23702 at lib/list_debug.c:31
> __list_add_valid+0x8e/0xa0
> [ 1615.094913] list_add double add: new=ffff9d7901d9f608,
> prev=ffff9d7901d9f608, next=ffff9d7901ee8dd0.
> [ 1615.095458] Modules linked in: nfsv4(E) nfs(E) nfsd(E) tun bridge
> stp llc fuse ip_set nfnetlink vmw_vsock_vmci_transport vsock f2fs
> snd_seq_midi snd_seq_midi_event fscrypto coretemp ppdev
> crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_rapl_perf
> vmw_balloon snd_ens1371 joydev gameport snd_ac97_codec ac97_bus
> snd_seq snd_pcm snd_rawmidi snd_timer snd_seq_device snd soundcore
> nfit parport_pc parport acpi_cpufreq tpm_tis tpm_tis_core tpm
> i2c_piix4 vmw_vmci shpchp auth_rpcgss nfs_acl lockd(E) grace
> sunrpc(E) xfs libcrc32c vmwgfx drm_kms_helper ttm drm crc32c_intel
> mptspi e1000 serio_raw scsi_transport_spi mptscsih mptbase
> ata_generic pata_acpi fjes [last unloaded: nfs]
> [ 1615.097663] CPU: 0 PID: 23702 Comm: fstest Tainted:
> G W E 4.11.0-rc1+ #517
> [ 1615.098015] Hardware name: VMware, Inc. VMware Virtual
> Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
> [ 1615.098807] Call Trace:
> [ 1615.099183] dump_stack+0x63/0x86
> [ 1615.099578] __warn+0xcb/0xf0
> [ 1615.099967] warn_slowpath_fmt+0x5f/0x80
> [ 1615.100370] __list_add_valid+0x8e/0xa0
> [ 1615.100760] nfs4_put_state_owner+0x75/0xc0 [nfsv4]
> [ 1615.101136] __nfs4_close+0x109/0x140 [nfsv4]
> [ 1615.101524] nfs4_close_state+0x15/0x20 [nfsv4]
> [ 1615.101949] nfs4_close_context+0x21/0x30 [nfsv4]
> [ 1615.102691] __put_nfs_open_context+0xb8/0x110 [nfs]
> [ 1615.103155] put_nfs_open_context+0x10/0x20 [nfs]
> [ 1615.103586] nfs4_file_open+0x13b/0x260 [nfsv4]
> [ 1615.103978] do_dentry_open+0x20a/0x2f0
> [ 1615.104369] ? nfs4_copy_file_range+0x30/0x30 [nfsv4]
> [ 1615.104739] vfs_open+0x4c/0x70
> [ 1615.105106] ? may_open+0x5a/0x100
> [ 1615.105469] path_openat+0x623/0x1420
> [ 1615.105823] do_filp_open+0x91/0x100
> [ 1615.106174] ? __alloc_fd+0x3f/0x170
> [ 1615.106568] do_sys_open+0x130/0x220
> [ 1615.106920] ? __put_cred+0x3d/0x50
> [ 1615.107256] SyS_open+0x1e/0x20
> [ 1615.107588] entry_SYSCALL_64_fastpath+0x1a/0xa9
> [ 1615.107922] RIP: 0033:0x7fab599069b0
> [ 1615.108247] RSP: 002b:00007ffcf0600d78 EFLAGS: 00000246 ORIG_RAX:
> 0000000000000002
> [ 1615.108575] RAX: ffffffffffffffda RBX: 00007fab59bcfae0 RCX:
> 00007fab599069b0
> [ 1615.108896] RDX: 0000000000000200 RSI: 0000000000000200 RDI:
> 00007ffcf060255e
> [ 1615.109211] RBP: 0000000000040010 R08: 0000000000000000 R09:
> 0000000000000016
> [ 1615.109515] R10: 00000000000006a1 R11: 0000000000000246 R12:
> 0000000000041000
> [ 1615.109806] R13: 0000000000040010 R14: 0000000000001000 R15:
> 0000000000002710
> [ 1615.110152] ---[ end trace 96ed63b1306bf2f3 ]---
>
> Fixes: a974deee47 ("NFSv4: Fix memory and state leak in...")
> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
> Cc: Trond Myklebust <trond.myklebust@primarydata.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> ---
> fs/nfs/nfs4proc.c | 2 --
> 1 file changed, 2 deletions(-)
>
> --- a/fs/nfs/nfs4proc.c
> +++ b/fs/nfs/nfs4proc.c
> @@ -1995,8 +1995,6 @@ static int nfs4_opendata_access(struct r
> if ((mask & ~cache.mask & (MAY_READ | MAY_EXEC)) == 0)
> return 0;
>
> - /* even though OPEN succeeded, access is denied. Close the
> file */
> - nfs4_close_state(state, fmode);
> return -EACCES;
> }
>
>
>
--
Trond Myklebust
Linux NFS client maintainer, PrimaryData
trond.myklebust@primarydata.com
next prev parent reply other threads:[~2017-07-03 14:33 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-03 13:33 [PATCH 3.18 00/36] 3.18.60-stable review Greg Kroah-Hartman
2017-07-03 13:33 ` [PATCH 3.18 01/36] xhci: fix deadlock at host remove by running watchdog correctly Greg Kroah-Hartman
2017-07-03 13:33 ` [PATCH 3.18 02/36] ipv6: release dst on error in ip6_dst_lookup_tail Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 03/36] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 04/36] netfilter: synproxy: fix conntrackd interaction Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 05/36] net: dont call strlen on non-terminated string in dev_set_alias() Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 06/36] decnet: dn_rtmsg: Improve input length sanitization in dnrmg_receive_user_skb Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 07/36] Fix an intermittent pr_emerg warning about lo becoming free Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 08/36] net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 09/36] igmp: acquire pmc lock for ip_mc_clear_src() Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 10/36] igmp: add a missing spin_lock_init() Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 11/36] ipv6: fix calling in6_ifa_hold incorrectly for dad work Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 12/36] decnet: always not take dst->__refcnt when inserting dst into hash table Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 13/36] net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 14/36] NFSv4: fix a reference leak caused WARNING messages Greg Kroah-Hartman
2017-07-03 14:33 ` Trond Myklebust [this message]
2017-07-03 15:02 ` gregkh
2017-07-03 13:34 ` [PATCH 3.18 15/36] arm64: cpuinfo: Missing NULL terminator in compat_hwcap_str Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 16/36] MIPS: Avoid accidental raw backtrace Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 17/36] MIPS: pm-cps: Drop manual cache-line alignment of ready_count Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 18/36] MIPS: Fix IRQ tracing & lockdep when rescheduling Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 19/36] ALSA: hda - set input_path bitmap to zero after moving it to new place Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 20/36] drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 21/36] usb: gadget: f_fs: Fix possibe deadlock Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 22/36] sysctl: enable strict writes Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 23/36] mm: numa: avoid waiting on freed migrated pages Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 25/36] net: korina: Fix NAPI versus resources freeing Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 27/36] xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 28/36] xfrm: NULL dereference on allocation failure Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 29/36] xfrm: Oops on error in pfkey_msg2xfrm_state() Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 30/36] watchdog: bcm281xx: Fix use of uninitialized spinlock Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 31/36] ARM: 8685/1: ensure memblock-limit is pmd-aligned Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 32/36] iommu/vt-d: Dont over-free page table directories Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 33/36] iommu/amd: Fix incorrect error handling in amd_iommu_bind_pasid() Greg Kroah-Hartman
2017-07-03 13:34 ` [PATCH 3.18 34/36] cpufreq: s3c2416: double free on driver init error path Greg Kroah-Hartman
2017-07-03 19:34 ` [PATCH 3.18 00/36] 3.18.60-stable review Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1499092406.79205.1.camel@primarydata.com \
--to=trondmy@primarydata.com \
--cc=Anna.Schumaker@Netapp.com \
--cc=gregkh@linuxfoundation.org \
--cc=kinglongmee@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox