* FAILED: patch "[PATCH] nfsd: Fix another OPEN stateid race" failed to apply to 4.4-stable tree
@ 2017-12-04 9:13 gregkh
2017-12-04 13:21 ` Andrew W Elble
0 siblings, 1 reply; 4+ messages in thread
From: gregkh @ 2017-12-04 9:13 UTC (permalink / raw)
To: trond.myklebust, aweits, bfields; +Cc: stable
The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From d8a1a000555ecd1b824ac1ed6df8fe364dfbbbb0 Mon Sep 17 00:00:00 2001
From: Trond Myklebust <trond.myklebust@primarydata.com>
Date: Fri, 3 Nov 2017 08:00:11 -0400
Subject: [PATCH] nfsd: Fix another OPEN stateid race
If nfsd4_process_open2() is initialising a new stateid, and yet the
call to nfs4_get_vfs_file() fails for some reason, then we must
declare the stateid closed, and unhash it before dropping the mutex.
Right now, we unhash the stateid after dropping the mutex, and without
changing the stateid type, meaning that another OPEN could theoretically
look it up and attempt to use it.
Reported-by: Andrew W Elble <aweits@rit.edu>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index ee8fde2dfa92..457f0e7ece74 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4502,6 +4502,7 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
struct nfs4_ol_stateid *stp = NULL;
struct nfs4_delegation *dp = NULL;
__be32 status;
+ bool new_stp = false;
/*
* Lookup file; if found, lookup stateid and check open request,
@@ -4521,11 +4522,19 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
goto out;
}
+ if (!stp) {
+ stp = init_open_stateid(fp, open);
+ if (!open->op_stp)
+ new_stp = true;
+ }
+
/*
* OPEN the file, or upgrade an existing OPEN.
* If truncate fails, the OPEN fails.
+ *
+ * stp is already locked.
*/
- if (stp) {
+ if (!new_stp) {
/* Stateid was found, this is an OPEN upgrade */
status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
if (status) {
@@ -4533,22 +4542,11 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
goto out;
}
} else {
- /* stp is returned locked. */
- stp = init_open_stateid(fp, open);
- /* See if we lost the race to some other thread */
- if (stp->st_access_bmap != 0) {
- status = nfs4_upgrade_open(rqstp, fp, current_fh,
- stp, open);
- if (status) {
- mutex_unlock(&stp->st_mutex);
- goto out;
- }
- goto upgrade_out;
- }
status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open);
if (status) {
- mutex_unlock(&stp->st_mutex);
+ stp->st_stid.sc_type = NFS4_CLOSED_STID;
release_open_stateid(stp);
+ mutex_unlock(&stp->st_mutex);
goto out;
}
@@ -4557,7 +4555,7 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
if (stp->st_clnt_odstate == open->op_odstate)
open->op_odstate = NULL;
}
-upgrade_out:
+
nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid);
mutex_unlock(&stp->st_mutex);
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: FAILED: patch "[PATCH] nfsd: Fix another OPEN stateid race" failed to apply to 4.4-stable tree
2017-12-04 9:13 FAILED: patch "[PATCH] nfsd: Fix another OPEN stateid race" failed to apply to 4.4-stable tree gregkh
@ 2017-12-04 13:21 ` Andrew W Elble
2017-12-04 13:59 ` Greg KH
2017-12-04 18:59 ` J. Bruce Fields
0 siblings, 2 replies; 4+ messages in thread
From: Andrew W Elble @ 2017-12-04 13:21 UTC (permalink / raw)
To: gregkh; +Cc: trond.myklebust, bfields, stable
<gregkh@linuxfoundation.org> writes:
> The patch below does not apply to the 4.4-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>.
>
> thanks,
>
> greg k-h
Greg,
These backport cleanly if you cherry-pick 8c7245abda first:
commit 8c7245abda877d4689b3371db8ae2a4400d7d9ce
then
commit 15ca08d3299682dc49bad73251677b2c5017ef08
then
commit d8a1a000555ecd1b824ac1ed6df8fe364dfbbbb0
Thanks,
Andy
>
> ------------------ original commit in Linus's tree ------------------
>
>>>From d8a1a000555ecd1b824ac1ed6df8fe364dfbbbb0 Mon Sep 17 00:00:00 2001
> From: Trond Myklebust <trond.myklebust@primarydata.com>
> Date: Fri, 3 Nov 2017 08:00:11 -0400
> Subject: [PATCH] nfsd: Fix another OPEN stateid race
>
> If nfsd4_process_open2() is initialising a new stateid, and yet the
> call to nfs4_get_vfs_file() fails for some reason, then we must
> declare the stateid closed, and unhash it before dropping the mutex.
>
> Right now, we unhash the stateid after dropping the mutex, and without
> changing the stateid type, meaning that another OPEN could theoretically
> look it up and attempt to use it.
>
> Reported-by: Andrew W Elble <aweits@rit.edu>
> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
> Cc: stable@vger.kernel.org
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
>
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index ee8fde2dfa92..457f0e7ece74 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -4502,6 +4502,7 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
> struct nfs4_ol_stateid *stp = NULL;
> struct nfs4_delegation *dp = NULL;
> __be32 status;
> + bool new_stp = false;
>
> /*
> * Lookup file; if found, lookup stateid and check open request,
> @@ -4521,11 +4522,19 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
> goto out;
> }
>
> + if (!stp) {
> + stp = init_open_stateid(fp, open);
> + if (!open->op_stp)
> + new_stp = true;
> + }
> +
> /*
> * OPEN the file, or upgrade an existing OPEN.
> * If truncate fails, the OPEN fails.
> + *
> + * stp is already locked.
> */
> - if (stp) {
> + if (!new_stp) {
> /* Stateid was found, this is an OPEN upgrade */
> status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
> if (status) {
> @@ -4533,22 +4542,11 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
> goto out;
> }
> } else {
> - /* stp is returned locked. */
> - stp = init_open_stateid(fp, open);
> - /* See if we lost the race to some other thread */
> - if (stp->st_access_bmap != 0) {
> - status = nfs4_upgrade_open(rqstp, fp, current_fh,
> - stp, open);
> - if (status) {
> - mutex_unlock(&stp->st_mutex);
> - goto out;
> - }
> - goto upgrade_out;
> - }
> status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open);
> if (status) {
> - mutex_unlock(&stp->st_mutex);
> + stp->st_stid.sc_type = NFS4_CLOSED_STID;
> release_open_stateid(stp);
> + mutex_unlock(&stp->st_mutex);
> goto out;
> }
>
> @@ -4557,7 +4555,7 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
> if (stp->st_clnt_odstate == open->op_odstate)
> open->op_odstate = NULL;
> }
> -upgrade_out:
> +
> nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid);
> mutex_unlock(&stp->st_mutex);
>
>
--
Andrew W. Elble
aweits@discipline.rit.edu
Infrastructure Engineer, Communications Technical Lead
Rochester Institute of Technology
PGP: BFAD 8461 4CCF DC95 DA2C B0EB 965B 082E 863E C912
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: FAILED: patch "[PATCH] nfsd: Fix another OPEN stateid race" failed to apply to 4.4-stable tree
2017-12-04 13:21 ` Andrew W Elble
@ 2017-12-04 13:59 ` Greg KH
2017-12-04 18:59 ` J. Bruce Fields
1 sibling, 0 replies; 4+ messages in thread
From: Greg KH @ 2017-12-04 13:59 UTC (permalink / raw)
To: Andrew W Elble; +Cc: trond.myklebust, bfields, stable
On Mon, Dec 04, 2017 at 08:21:34AM -0500, Andrew W Elble wrote:
> <gregkh@linuxfoundation.org> writes:
>
> > The patch below does not apply to the 4.4-stable tree.
> > If someone wants it applied there, or to any other stable or longterm
> > tree, then please email the backport, including the original git commit
> > id to <stable@vger.kernel.org>.
> >
> > thanks,
> >
> > greg k-h
>
> Greg,
>
> These backport cleanly if you cherry-pick 8c7245abda first:
>
> commit 8c7245abda877d4689b3371db8ae2a4400d7d9ce
> then
> commit 15ca08d3299682dc49bad73251677b2c5017ef08
> then
> commit d8a1a000555ecd1b824ac1ed6df8fe364dfbbbb0
Wonderful, that worked!
greg k-h
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: FAILED: patch "[PATCH] nfsd: Fix another OPEN stateid race" failed to apply to 4.4-stable tree
2017-12-04 13:21 ` Andrew W Elble
2017-12-04 13:59 ` Greg KH
@ 2017-12-04 18:59 ` J. Bruce Fields
1 sibling, 0 replies; 4+ messages in thread
From: J. Bruce Fields @ 2017-12-04 18:59 UTC (permalink / raw)
To: Andrew W Elble; +Cc: gregkh, trond.myklebust, stable
On Mon, Dec 04, 2017 at 08:21:34AM -0500, Andrew W Elble wrote:
> <gregkh@linuxfoundation.org> writes:
>
> > The patch below does not apply to the 4.4-stable tree.
> > If someone wants it applied there, or to any other stable or longterm
> > tree, then please email the backport, including the original git commit
> > id to <stable@vger.kernel.org>.
> >
> > thanks,
> >
> > greg k-h
>
> Greg,
>
> These backport cleanly if you cherry-pick 8c7245abda first:
>
> commit 8c7245abda877d4689b3371db8ae2a4400d7d9ce
> then
> commit 15ca08d3299682dc49bad73251677b2c5017ef08
> then
> commit d8a1a000555ecd1b824ac1ed6df8fe364dfbbbb0
Looks right to me. Thanks, Andy!
--b.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-12-04 18:59 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-04 9:13 FAILED: patch "[PATCH] nfsd: Fix another OPEN stateid race" failed to apply to 4.4-stable tree gregkh
2017-12-04 13:21 ` Andrew W Elble
2017-12-04 13:59 ` Greg KH
2017-12-04 18:59 ` J. Bruce Fields
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).