kernel/linux.git/fs/nfs, branch linux-6.0.yLinux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=linux-6.0.y2022-12-31T12:26:46+00:00nfs: fix possible null-ptr-deref when parsing param2022-12-31T12:26:46+00:00Hawkins Jiaweiyin31149@gmail.com2022-10-23T16:39:45+00:00urn:sha1:46819f604557fe7bc39a6c352fd368371aa9cd6e
[ Upstream commit 5559405df652008e56eee88872126fe4c451da67 ]
According to commit "vfs: parse: deal with zero length string value",
kernel will set the param->string to null pointer in vfs_parse_fs_string()
if fs string has zero length.
Yet the problem is that, nfs_fs_context_parse_param() will dereferences the
param->string, without checking whether it is a null pointer, which may
trigger a null-ptr-deref bug.
This patch solves it by adding sanity check on param->string
in nfs_fs_context_parse_param().
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
NFSv4.x: Fail client initialisation if state manager thread can't run2022-12-31T12:26:09+00:00Trond Myklebusttrond.myklebust@hammerspace.com2022-12-06T17:42:59+00:00urn:sha1:10d873d2c548831193c71812fa68592c3b884cd3
[ Upstream commit b4e4f66901658fae0614dea5bf91062a5387eda7 ]
If the state manager thread fails to start, then we should just mark the
client initialisation as failed so that other processes or threads don't
get stuck in nfs_wait_client_init_complete().
Reported-by: ChenXiaoSong <chenxiaosong2@huawei.com>
Fixes: 4697bd5e9419 ("NFSv4: Fix a race in the net namespace mount notification")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
NFS: Allow very small rsize & wsize again2022-12-31T12:26:09+00:00Anna SchumakerAnna.Schumaker@Netapp.com2022-11-30T20:30:47+00:00urn:sha1:836669d8c03125e87d77c20c91631c3535e3f9ee
[ Upstream commit a60214c2465493aac0b014d87ee19327b6204c42 ]
940261a19508 introduced nfs_io_size() to clamp the iosize to a multiple
of PAGE_SIZE. This had the unintended side effect of no longer allowing
iosizes less than a page, which could be useful in some situations.
UDP already has an exception that causes it to fall back on the
power-of-two style sizes instead. This patch adds an additional
exception for very small iosizes.
Reported-by: Jeff Layton <jlayton@kernel.org>
Fixes: 940261a19508 ("NFS: Allow setting rsize / wsize to a multiple of PAGE_SIZE")
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
NFSv4.2: Set the correct size scratch buffer for decoding READ_PLUS2022-12-31T12:26:09+00:00Anna SchumakerAnna.Schumaker@Netapp.com2022-11-30T18:15:25+00:00urn:sha1:099f5b74b872cc275fcf1055acbc5d83e6428bd8
[ Upstream commit 36357fe74ef736524a29fbd3952948768510a8b9 ]
The scratch_buf array is 16 bytes, but I was passing 32 to the
xdr_set_scratch_buffer() function. Fix this by using sizeof(), which is
what I probably should have been doing this whole time.
Fixes: d3b00a802c84 ("NFS: Replace the READ_PLUS decoding code")
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
NFS: Fix an Oops in nfs_d_automount()2022-12-31T12:26:05+00:00Trond Myklebusttrond.myklebust@hammerspace.com2022-11-14T22:30:39+00:00urn:sha1:b6fd25d64b0de27991d6bd677f0adf69ad6ff07a
[ Upstream commit 35e3b6ae84935d0d7ff76cbdaa83411b0ad5e471 ]
When mounting from a NFSv4 referral, path->dentry can end up being a
negative dentry, so derive the struct nfs_server from the dentry
itself instead.
Fixes: 2b0143b5c986 ("VFS: normal filesystems (and lustre): d_inode() annotations")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn2022-12-31T12:26:04+00:00Trond Myklebusttrond.myklebust@hammerspace.com2022-11-04T17:20:01+00:00urn:sha1:85ee7f51bf90f26a56de6b430641497af2301671
[ Upstream commit 51069e4aef6257b0454057359faed0ab0c9af083 ]
If we're asked to recover open state while a delegation return is
outstanding, then the state manager thread cannot use a cached open, so
if the server returns a delegation, we can end up deadlocked behind the
pending delegreturn.
To avoid this problem, let's just ask the server not to give us a
delegation unless we're explicitly reclaiming one.
Fixes: be36e185bd26 ("NFSv4: nfs4_open_recover_helper() must set share access")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
NFSv4: Fix a credential leak in _nfs4_discover_trunking()2022-12-31T12:26:04+00:00Trond Myklebusttrond.myklebust@hammerspace.com2022-10-27T20:50:12+00:00urn:sha1:dfad5d5e7511933c2ae3d12a8131840074c5a73d
[ Upstream commit e83458fce080dc23c25353a1af90bfecf79c7369 ]
Fixes: 4f40a5b55446 ("NFSv4: Add an fattr allocation to _nfs4_discover_trunking()")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
NFSv4.2: Fix initialisation of struct nfs4_label2022-12-31T12:26:04+00:00Trond Myklebusttrond.myklebust@hammerspace.com2022-10-19T17:12:11+00:00urn:sha1:5db9d1522369051d52b492e5dc226782bb530e39
[ Upstream commit c528f70f504434eaff993a5ddd52203a2010d51f ]
The call to nfs4_label_init_security() should return a fully initialised
label.
Fixes: aa9c2669626c ("NFS: Client implementation of Labeled-NFS")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
NFSv4.2: Fix a memory stomp in decode_attr_security_label2022-12-31T12:26:04+00:00Trond Myklebusttrond.myklebust@hammerspace.com2022-10-18T22:21:14+00:00urn:sha1:01aabe3cff9c458db5ea29f65df0719d9cb78879
[ Upstream commit 43c1031f7110967c240cb6e922adcfc4b8899183 ]
We must not change the value of label->len if it is zero, since that
indicates we stored a label.
Fixes: b4487b935452 ("nfs: Fix getxattr kernel panic and memory overflow")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
NFSv4.2: Always decode the security label2022-12-31T12:26:04+00:00Trond Myklebusttrond.myklebust@hammerspace.com2022-10-18T21:41:30+00:00urn:sha1:739c5c8ec7710aeb660d52d73d02b30b8163d91a
[ Upstream commit c8a62f440229ae7a10874776344dfcc17d860336 ]
If the server returns a reply that includes a security label, then we
must decode it whether or not we can store the results.
Fixes: 1e2f67da8931 ("NFS: Remove the nfs4_label argument from decode_getattr_*() functions")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>