forked from Minki/linux
NFS client bugfixes for Linux 3.9
- Stable fix for memory corruption issues in nfs4[01]_walk_client_list - Stable fix for an Oopsable bug in rpc_clone_client - Another state manager deadlock in the NFSv4 open code - Memory leaks in nfs4_discover_server_trunking and rpc_new_client -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAABAgAGBQJRZYu9AAoJEGcL54qWCgDySfwP/R2IdO2nfRzmDCPtvD6pPg8T l8Gf97Z/8A3g6WwfvmKNt48D1fKnhAcOaKTZQIZuZePAjI/Yy74DFMof6paiDmsO 8hMcZgvunZotPwmBmhIwmLOxDYgbpdizDBlITsimnUQLrv78bMw2F/cNCcThYgTI Q4sNpZsl4kk1nmOYK/tGBCCkq6mIQhc95QeQPgnl2B/NozpZiIqgzrpWpSWMofn2 cuSLiuEdmpCdJbgQaPEjSWf+doo/nBn720+Xj2RjmLhTTnWUtAsouElAdMs96Jjz cEhSll3nLIygr1xdFF7CD8qFjpbtg/YNhKw3HBCFAgHjrAjr+a3N+eHQOz9QQ6W4 5OL3Mj0VEkvMrK1Sy76smynQJMJhrsn852Zo2wK2mCp+mHNZlBlML529Y4PJy2Ba Up4MteIaOTpKGSnBdzWmqPqro9glqlhrUk/o3XipCzIziWC8yDYjl2J9Ez8B7Ren uzvBeevYRX9AmQlmZUAPvx8+xVqA6cr0X2q8/6PqPnrNXP6Ff8+rm6gvH4VozyzJ qd/r7Bf1ozFXxoKQOztSiGjI5YiBp4DRXycR5td6eF3nZJipmbxY+WKllhaAakn6 UY2NsGX2zfxkJMltqd2/xRmHtN+Eif1Uoo35pvzNxzBtPsRxBMIiPhGLglQu98Yj 2NuwfT4//UNfS6JlBe6E =kBf2 -----END PGP SIGNATURE----- Merge tag 'nfs-for-3.9-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs Pull NFS client bugfixes from Trond Myklebust: - fix for memory corruption issues in nfs4[01]_walk_client_list (stable) - fix for an Oopsable bug in rpc_clone_client (stable) - another state manager deadlock in the NFSv4 open code - memory leaks in nfs4_discover_server_trunking and rpc_new_client * tag 'nfs-for-3.9-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFSv4: Fix another potential state manager deadlock SUNRPC: Fix a potential memory leak in rpc_new_client NFSv4/4.1: Fix bugs in nfs4[01]_walk_client_list NFSv4: Fix a memory leak in nfs4_discover_server_trunking SUNRPC: Remove extra xprt_put()
This commit is contained in:
Linus Torvalds
commit
f94eeb423b
@ -300,7 +300,7 @@ int nfs40_walk_client_list(struct nfs_client *new,
|
||||
struct rpc_cred *cred)
|
||||
{
|
||||
struct nfs_net *nn = net_generic(new->cl_net, nfs_net_id);
|
||||
struct nfs_client *pos, *n, *prev = NULL;
|
||||
struct nfs_client *pos, *prev = NULL;
|
||||
struct nfs4_setclientid_res clid = {
|
||||
.clientid = new->cl_clientid,
|
||||
.confirm = new->cl_confirm,
|
||||
@ -308,10 +308,23 @@ int nfs40_walk_client_list(struct nfs_client *new,
|
||||
int status = -NFS4ERR_STALE_CLIENTID;
|
||||
|
||||
spin_lock(&nn->nfs_client_lock);
|
||||
list_for_each_entry_safe(pos, n, &nn->nfs_client_list, cl_share_link) {
|
||||
list_for_each_entry(pos, &nn->nfs_client_list, cl_share_link) {
|
||||
/* If "pos" isn't marked ready, we can't trust the
|
||||
* remaining fields in "pos" */
|
||||
if (pos->cl_cons_state < NFS_CS_READY)
|
||||
if (pos->cl_cons_state > NFS_CS_READY) {
|
||||
atomic_inc(&pos->cl_count);
|
||||
spin_unlock(&nn->nfs_client_lock);
|
||||
|
||||
if (prev)
|
||||
nfs_put_client(prev);
|
||||
prev = pos;
|
||||
|
||||
status = nfs_wait_client_init_complete(pos);
|
||||
spin_lock(&nn->nfs_client_lock);
|
||||
if (status < 0)
|
||||
continue;
|
||||
}
|
||||
if (pos->cl_cons_state != NFS_CS_READY)
|
||||
continue;
|
||||
|
||||
if (pos->rpc_ops != new->rpc_ops)
|
||||
@ -423,16 +436,16 @@ int nfs41_walk_client_list(struct nfs_client *new,
|
||||
struct rpc_cred *cred)
|
||||
{
|
||||
struct nfs_net *nn = net_generic(new->cl_net, nfs_net_id);
|
||||
struct nfs_client *pos, *n, *prev = NULL;
|
||||
struct nfs_client *pos, *prev = NULL;
|
||||
int status = -NFS4ERR_STALE_CLIENTID;
|
||||
|
||||
spin_lock(&nn->nfs_client_lock);
|
||||
list_for_each_entry_safe(pos, n, &nn->nfs_client_list, cl_share_link) {
|
||||
list_for_each_entry(pos, &nn->nfs_client_list, cl_share_link) {
|
||||
/* If "pos" isn't marked ready, we can't trust the
|
||||
* remaining fields in "pos", especially the client
|
||||
* ID and serverowner fields. Wait for CREATE_SESSION
|
||||
* to finish. */
|
||||
if (pos->cl_cons_state < NFS_CS_READY) {
|
||||
if (pos->cl_cons_state > NFS_CS_READY) {
|
||||
atomic_inc(&pos->cl_count);
|
||||
spin_unlock(&nn->nfs_client_lock);
|
||||
|
||||
@ -440,18 +453,17 @@ int nfs41_walk_client_list(struct nfs_client *new,
|
||||
nfs_put_client(prev);
|
||||
prev = pos;
|
||||
|
||||
nfs4_schedule_lease_recovery(pos);
|
||||
status = nfs_wait_client_init_complete(pos);
|
||||
if (status < 0) {
|
||||
nfs_put_client(pos);
|
||||
spin_lock(&nn->nfs_client_lock);
|
||||
continue;
|
||||
if (status == 0) {
|
||||
nfs4_schedule_lease_recovery(pos);
|
||||
status = nfs4_wait_clnt_recover(pos);
|
||||
}
|
||||
status = pos->cl_cons_state;
|
||||
spin_lock(&nn->nfs_client_lock);
|
||||
if (status < 0)
|
||||
continue;
|
||||
}
|
||||
if (pos->cl_cons_state != NFS_CS_READY)
|
||||
continue;
|
||||
|
||||
if (pos->rpc_ops != new->rpc_ops)
|
||||
continue;
|
||||
@ -469,17 +481,17 @@ int nfs41_walk_client_list(struct nfs_client *new,
|
||||
continue;
|
||||
|
||||
atomic_inc(&pos->cl_count);
|
||||
spin_unlock(&nn->nfs_client_lock);
|
||||
*result = pos;
|
||||
dprintk("NFS: <-- %s using nfs_client = %p ({%d})\n",
|
||||
__func__, pos, atomic_read(&pos->cl_count));
|
||||
|
||||
*result = pos;
|
||||
return 0;
|
||||
break;
|
||||
}
|
||||
|
||||
/* No matching nfs_client found. */
|
||||
spin_unlock(&nn->nfs_client_lock);
|
||||
dprintk("NFS: <-- %s status = %d\n", __func__, status);
|
||||
if (prev)
|
||||
nfs_put_client(prev);
|
||||
return status;
|
||||
}
|
||||
#endif /* CONFIG_NFS_V4_1 */
|
||||
|
||||
@ -1046,6 +1046,7 @@ static struct nfs4_state *nfs4_try_open_cached(struct nfs4_opendata *opendata)
|
||||
/* Save the delegation */
|
||||
nfs4_stateid_copy(&stateid, &delegation->stateid);
|
||||
rcu_read_unlock();
|
||||
nfs_release_seqid(opendata->o_arg.seqid);
|
||||
ret = nfs_may_open(state->inode, state->owner->so_cred, open_mode);
|
||||
if (ret != 0)
|
||||
goto out;
|
||||
|
||||
@ -1886,7 +1886,13 @@ again:
|
||||
status = PTR_ERR(clnt);
|
||||
break;
|
||||
}
|
||||
clp->cl_rpcclient = clnt;
|
||||
/* Note: this is safe because we haven't yet marked the
|
||||
* client as ready, so we are the only user of
|
||||
* clp->cl_rpcclient
|
||||
*/
|
||||
clnt = xchg(&clp->cl_rpcclient, clnt);
|
||||
rpc_shutdown_client(clnt);
|
||||
clnt = clp->cl_rpcclient;
|
||||
goto again;
|
||||
|
||||
case -NFS4ERR_MINOR_VERS_MISMATCH:
|
||||
|
||||
@ -304,10 +304,8 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, stru
|
||||
err = rpciod_up();
|
||||
if (err)
|
||||
goto out_no_rpciod;
|
||||
err = -EINVAL;
|
||||
if (!xprt)
|
||||
goto out_no_xprt;
|
||||
|
||||
err = -EINVAL;
|
||||
if (args->version >= program->nrvers)
|
||||
goto out_err;
|
||||
version = program->version[args->version];
|
||||
@ -382,10 +380,9 @@ out_no_principal:
|
||||
out_no_stats:
|
||||
kfree(clnt);
|
||||
out_err:
|
||||
xprt_put(xprt);
|
||||
out_no_xprt:
|
||||
rpciod_down();
|
||||
out_no_rpciod:
|
||||
xprt_put(xprt);
|
||||
return ERR_PTR(err);
|
||||
}
|
||||
|
||||
@ -512,7 +509,7 @@ static struct rpc_clnt *__rpc_clone_client(struct rpc_create_args *args,
|
||||
new = rpc_new_client(args, xprt);
|
||||
if (IS_ERR(new)) {
|
||||
err = PTR_ERR(new);
|
||||
goto out_put;
|
||||
goto out_err;
|
||||
}
|
||||
|
||||
atomic_inc(&clnt->cl_count);
|
||||
@ -525,8 +522,6 @@ static struct rpc_clnt *__rpc_clone_client(struct rpc_create_args *args,
|
||||
new->cl_chatty = clnt->cl_chatty;
|
||||
return new;
|
||||
|
||||
out_put:
|
||||
xprt_put(xprt);
|
||||
out_err:
|
||||
dprintk("RPC: %s: returned error %d\n", __func__, err);
|
||||
return ERR_PTR(err);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user