From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Olga Kornievskaia <kolga@netapp.com>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Sasha Levin <sashal@kernel.org>,
linux-nfs@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 57/68] NFSv4.2 copy do not allocate memory under the lock
Date: Thu, 29 Nov 2018 00:55:48 -0500 [thread overview]
Message-ID: <20181129055559.159228-57-sashal@kernel.org> (raw)
In-Reply-To: <20181129055559.159228-1-sashal@kernel.org>
From: Olga Kornievskaia <kolga@netapp.com>
[ Upstream commit 99f2c55591fb5c1b536263970d98c2ebc2089906 ]
Bruce pointed out that we shouldn't allocate memory while holding
a lock in the nfs4_callback_offload() and handle_async_copy()
that deal with a racing CB_OFFLOAD and reply to COPY case.
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/callback_proc.c | 22 +++++++++++-----------
fs/nfs/nfs42proc.c | 19 ++++++++++---------
2 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/fs/nfs/callback_proc.c b/fs/nfs/callback_proc.c
index fa515d5ea5ba..48b2e9063b0a 100644
--- a/fs/nfs/callback_proc.c
+++ b/fs/nfs/callback_proc.c
@@ -686,20 +686,24 @@ __be32 nfs4_callback_offload(void *data, void *dummy,
{
struct cb_offloadargs *args = data;
struct nfs_server *server;
- struct nfs4_copy_state *copy;
+ struct nfs4_copy_state *copy, *tmp_copy;
bool found = false;
+ copy = kzalloc(sizeof(struct nfs4_copy_state), GFP_NOFS);
+ if (!copy)
+ return htonl(NFS4ERR_SERVERFAULT);
+
spin_lock(&cps->clp->cl_lock);
rcu_read_lock();
list_for_each_entry_rcu(server, &cps->clp->cl_superblocks,
client_link) {
- list_for_each_entry(copy, &server->ss_copies, copies) {
+ list_for_each_entry(tmp_copy, &server->ss_copies, copies) {
if (memcmp(args->coa_stateid.other,
- copy->stateid.other,
+ tmp_copy->stateid.other,
sizeof(args->coa_stateid.other)))
continue;
- nfs4_copy_cb_args(copy, args);
- complete(©->completion);
+ nfs4_copy_cb_args(tmp_copy, args);
+ complete(&tmp_copy->completion);
found = true;
goto out;
}
@@ -707,15 +711,11 @@ __be32 nfs4_callback_offload(void *data, void *dummy,
out:
rcu_read_unlock();
if (!found) {
- copy = kzalloc(sizeof(struct nfs4_copy_state), GFP_NOFS);
- if (!copy) {
- spin_unlock(&cps->clp->cl_lock);
- return htonl(NFS4ERR_SERVERFAULT);
- }
memcpy(©->stateid, &args->coa_stateid, NFS4_STATEID_SIZE);
nfs4_copy_cb_args(copy, args);
list_add_tail(©->copies, &cps->clp->pending_cb_stateids);
- }
+ } else
+ kfree(copy);
spin_unlock(&cps->clp->cl_lock);
return 0;
diff --git a/fs/nfs/nfs42proc.c b/fs/nfs/nfs42proc.c
index ac5b784a1de0..fed06fd9998d 100644
--- a/fs/nfs/nfs42proc.c
+++ b/fs/nfs/nfs42proc.c
@@ -137,31 +137,32 @@ static int handle_async_copy(struct nfs42_copy_res *res,
struct file *dst,
nfs4_stateid *src_stateid)
{
- struct nfs4_copy_state *copy;
+ struct nfs4_copy_state *copy, *tmp_copy;
int status = NFS4_OK;
bool found_pending = false;
struct nfs_open_context *ctx = nfs_file_open_context(dst);
+ copy = kzalloc(sizeof(struct nfs4_copy_state), GFP_NOFS);
+ if (!copy)
+ return -ENOMEM;
+
spin_lock(&server->nfs_client->cl_lock);
- list_for_each_entry(copy, &server->nfs_client->pending_cb_stateids,
+ list_for_each_entry(tmp_copy, &server->nfs_client->pending_cb_stateids,
copies) {
- if (memcmp(&res->write_res.stateid, ©->stateid,
+ if (memcmp(&res->write_res.stateid, &tmp_copy->stateid,
NFS4_STATEID_SIZE))
continue;
found_pending = true;
- list_del(©->copies);
+ list_del(&tmp_copy->copies);
break;
}
if (found_pending) {
spin_unlock(&server->nfs_client->cl_lock);
+ kfree(copy);
+ copy = tmp_copy;
goto out;
}
- copy = kzalloc(sizeof(struct nfs4_copy_state), GFP_NOFS);
- if (!copy) {
- spin_unlock(&server->nfs_client->cl_lock);
- return -ENOMEM;
- }
memcpy(©->stateid, &res->write_res.stateid, NFS4_STATEID_SIZE);
init_completion(©->completion);
copy->parent_state = ctx->state;
--
2.17.1
next prev parent reply other threads:[~2018-11-29 6:00 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-29 5:54 [PATCH AUTOSEL 4.19 01/68] media: vicodec: lower minimum height to 360 Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 02/68] media: cec: check for non-OK/NACK conditions while claiming a LA Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 03/68] media: omap3isp: Unregister media device as first Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 04/68] media: ipu3-cio2: Unregister device nodes first, then release resources Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 05/68] iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 06/68] brcmutil: really fix decoding channel info for 160 MHz bandwidth Sasha Levin
2018-11-29 11:49 ` Kalle Valo
2018-11-29 16:54 ` Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 07/68] mt76: fix building without CONFIG_LEDS_CLASS Sasha Levin
2018-11-29 5:54 ` [PATCH AUTOSEL 4.19 08/68] iommu/ipmmu-vmsa: Fix crash on early domain free Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 09/68] scsi: ufs: Fix hynix ufs bug with quirk on hi36xx SoC Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 10/68] can: ucan: remove set but not used variable 'udev' Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 11/68] can: rcar_can: Fix erroneous registration Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 12/68] test_firmware: fix error return getting clobbered Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 13/68] HID: input: Ignore battery reported by Symbol DS4308 Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 14/68] batman-adv: Use explicit tvlv padding for ELP packets Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 15/68] batman-adv: Expand merged fragment buffer for full packet Sasha Levin
2018-11-29 10:00 ` Sergei Shtylyov
2018-11-29 10:04 ` Sergei Shtylyov
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 16/68] amd/iommu: Fix Guest Virtual APIC Log Tail Address Register Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 17/68] bnx2x: Assign unique DMAE channel number for FW DMAE transactions Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 18/68] qed: Fix PTT leak in qed_drain() Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 19/68] qed: Fix overriding offload_tc by protocols without APP TLV Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 20/68] qed: Fix rdma_info structure allocation Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 21/68] qed: Fix reading wrong value in loop condition Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 22/68] usb: dwc2: pci: Fix an error code in probe Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 23/68] Revert "usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers" Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 24/68] s390/ism: clear dmbe_mask bit before SMC IRQ handling Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 25/68] nvme-fc: resolve io failures during connect Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 26/68] bnxt_en: Fix filling time in bnxt_fill_coredump_record() Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 27/68] drm/amdgpu: Add amdgpu "max bpc" connector property (v2) Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 28/68] drm/amd/display: Support " Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 29/68] net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 30/68] net/mlx4_core: Fix uninitialized variable compilation warning Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 31/68] net/mlx4: Fix UBSAN warning of signed integer overflow Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 32/68] drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 33/68] gpio: pxa: fix legacy non pinctrl aware builds again Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 34/68] gpio: mockup: fix indicated direction Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 35/68] tc-testing: tdc.py: ignore errors when decoding stdout/stderr Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 36/68] tc-testing: tdc.py: Guard against lack of returncode in executed command Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 37/68] mtd: rawnand: qcom: Namespace prefix some commands Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 38/68] cpufreq: ti-cpufreq: Only register platform_device when supported Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 39/68] exec: make de_thread() freezable Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 40/68] ALSA: hda/ca0132 - Add new ZxR quirk Sasha Levin
2018-11-29 14:51 ` Connor McAdams
2018-12-05 16:00 ` Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 41/68] Revert "HID: uhid: use strlcpy() instead of strncpy()" Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 42/68] HID: steam: remove input device when a hid client is running Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 43/68] HID: multitouch: Add pointstick support for Cirque Touchpad Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 44/68] mtd: spi-nor: Fix Cadence QSPI page fault kernel panic Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 45/68] net: ena: fix crash during failed resume from hibernation Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 46/68] NFSv4: Fix a NFSv4 state manager deadlock Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 47/68] qed: Fix bitmap_weight() check Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 48/68] qed: Fix QM getters to always return a valid pq Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 49/68] net/ibmnvic: Fix deadlock problem in reset Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 50/68] riscv: fix warning in arch/riscv/include/asm/module.h Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 51/68] iomap: FUA is wrong for DIO O_DSYNC writes into unwritten extents Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 52/68] iomap: sub-block dio needs to zeroout beyond EOF Sasha Levin
2018-11-29 12:19 ` Dave Chinner
2018-11-29 12:36 ` Amir Goldstein
2018-11-29 22:43 ` Dave Chinner
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 53/68] iomap: dio data corruption and spurious errors when pipes fill Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 54/68] iomap: readpages doesn't zero page tail beyond EOF Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 55/68] net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 56/68] iommu/vt-d: Use memunmap to free memremap Sasha Levin
2018-11-29 5:55 ` Sasha Levin [this message]
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 58/68] flexfiles: use per-mirror specified stateid for IO Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 59/68] net/dim: Update DIM start sample after each DIM iteration Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 60/68] net: thunderx: set xdp_prog to NULL if bpf_prog_add fails Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 61/68] ibmvnic: Fix RX queue buffer cleanup Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 62/68] ibmvnic: Update driver queues after change in ring size support Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 63/68] virtio-net: disable guest csum during XDP set Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 64/68] virtio-net: fail XDP set if guest csum is negotiated Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 65/68] team: no need to do team_notify_peers or team_mcast_rejoin when disabling port Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 66/68] net: amd: add missing of_node_put() Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 67/68] net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue Sasha Levin
2018-11-29 5:55 ` [PATCH AUTOSEL 4.19 68/68] net: gemini: Fix copy/paste error Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181129055559.159228-57-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=kolga@netapp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).