55 lines
1.8 KiB
Diff
55 lines
1.8 KiB
Diff
From b86dbf455d75ce54314efc826364259b8a87a8d0 Mon Sep 17 00:00:00 2001
|
|
From: Olga Kornievskaia <okorniev@redhat.com>
|
|
Date: Mon, 3 Mar 2025 12:09:08 -0500
|
|
Subject: [PATCH] NFSD: fix hang in nfsd4_shutdown_callback
|
|
|
|
JIRA: https://issues.redhat.com/browse/RHEL-81291
|
|
CVE: CVE-2025-21795
|
|
|
|
commit 036ac2778f7b28885814c6fbc07e156ad1624d03
|
|
Author: Dai Ngo <dai.ngo@oracle.com>
|
|
Date: Thu Jan 30 11:01:27 2025 -0800
|
|
|
|
NFSD: fix hang in nfsd4_shutdown_callback
|
|
|
|
If nfs4_client is in courtesy state then there is no point to send
|
|
the callback. This causes nfsd4_shutdown_callback to hang since
|
|
cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP
|
|
notifies NFSD that the connection was dropped.
|
|
|
|
This patch modifies nfsd4_run_cb_work to skip the RPC call if
|
|
nfs4_client is in courtesy state.
|
|
|
|
Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
|
|
Fixes: 66af25799940 ("NFSD: add courteous server support for thread with only delegation")
|
|
Cc: stable@vger.kernel.org
|
|
Reviewed-by: Jeff Layton <jlayton@kernel.org>
|
|
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
|
Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
|
|
---
|
|
fs/nfsd/nfs4callback.c | 7 +++++--
|
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
|
|
index 0d7cc2f9a8e07..d8eed853d528d 100644
|
|
--- a/fs/nfsd/nfs4callback.c
|
|
+++ b/fs/nfsd/nfs4callback.c
|
|
@@ -1480,8 +1480,11 @@ nfsd4_run_cb_work(struct work_struct *work)
|
|
nfsd4_process_cb_update(cb);
|
|
|
|
clnt = clp->cl_cb_client;
|
|
- if (!clnt) {
|
|
- /* Callback channel broken, or client killed; give up: */
|
|
+ if (!clnt || clp->cl_state == NFSD4_COURTESY) {
|
|
+ /*
|
|
+ * Callback channel broken, client killed or
|
|
+ * nfs4_client in courtesy state; give up.
|
|
+ */
|
|
nfsd41_destroy_cb(cb);
|
|
return;
|
|
}
|
|
--
|
|
GitLab
|
|
|