NFSv4: Fix an Oops in the NFSv4 getacl code
This commit is contained in:
parent
cd70fad7ef
commit
e9f72477ec
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||||||
# For non-released -rc kernels, this will be appended after the rcX and
|
# For non-released -rc kernels, this will be appended after the rcX and
|
||||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||||
#
|
#
|
||||||
%global baserelease 2
|
%global baserelease 3
|
||||||
%global fedora_build %{baserelease}
|
%global fedora_build %{baserelease}
|
||||||
|
|
||||||
# base_sublevel is the kernel version we're starting with and patching
|
# base_sublevel is the kernel version we're starting with and patching
|
||||||
@ -734,6 +734,8 @@ Patch14000: hibernate-freeze-filesystems.patch
|
|||||||
|
|
||||||
Patch14010: lis3-improve-handling-of-null-rate.patch
|
Patch14010: lis3-improve-handling-of-null-rate.patch
|
||||||
|
|
||||||
|
Patch14020: nfs-oops-getacl.patch
|
||||||
|
|
||||||
Patch20000: utrace.patch
|
Patch20000: utrace.patch
|
||||||
|
|
||||||
# Flattened devicetree support
|
# Flattened devicetree support
|
||||||
@ -1455,6 +1457,8 @@ ApplyPatch hibernate-freeze-filesystems.patch
|
|||||||
|
|
||||||
ApplyPatch lis3-improve-handling-of-null-rate.patch
|
ApplyPatch lis3-improve-handling-of-null-rate.patch
|
||||||
|
|
||||||
|
ApplyPatch nfs-oops-getacl.patch
|
||||||
|
|
||||||
# utrace.
|
# utrace.
|
||||||
ApplyPatch utrace.patch
|
ApplyPatch utrace.patch
|
||||||
|
|
||||||
@ -2366,6 +2370,9 @@ fi
|
|||||||
# ||----w |
|
# ||----w |
|
||||||
# || ||
|
# || ||
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 20 2012 Dave Jones <davej@redhat.com>
|
||||||
|
- NFSv4: Fix an Oops in the NFSv4 getacl code
|
||||||
|
|
||||||
* Mon Feb 20 2012 Josh Boyer <jwboyer@gmail.com> - 3.3.0-0.rc4.git0.2
|
* Mon Feb 20 2012 Josh Boyer <jwboyer@gmail.com> - 3.3.0-0.rc4.git0.2
|
||||||
- Reenable debugging options.
|
- Reenable debugging options.
|
||||||
|
|
||||||
|
96
nfs-oops-getacl.patch
Normal file
96
nfs-oops-getacl.patch
Normal file
@ -0,0 +1,96 @@
|
|||||||
|
From 331818f1c468a24e581aedcbe52af799366a9dfe Mon Sep 17 00:00:00 2001
|
||||||
|
From: Trond Myklebust <Trond.Myklebust@netapp.com>
|
||||||
|
Date: Fri, 3 Feb 2012 18:30:53 -0500
|
||||||
|
Subject: [PATCH] NFSv4: Fix an Oops in the NFSv4 getacl code
|
||||||
|
|
||||||
|
Commit bf118a342f10dafe44b14451a1392c3254629a1f (NFSv4: include bitmap
|
||||||
|
in nfsv4 get acl data) introduces the 'acl_scratch' page for the case
|
||||||
|
where we may need to decode multi-page data. However it fails to take
|
||||||
|
into account the fact that the variable may be NULL (for the case where
|
||||||
|
we're not doing multi-page decode), and it also attaches it to the
|
||||||
|
encoding xdr_stream rather than the decoding one.
|
||||||
|
|
||||||
|
The immediate result is an Oops in nfs4_xdr_enc_getacl due to the
|
||||||
|
call to page_address() with a NULL page pointer.
|
||||||
|
|
||||||
|
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
||||||
|
Cc: Andy Adamson <andros@netapp.com>
|
||||||
|
Cc: stable@vger.kernel.org
|
||||||
|
---
|
||||||
|
fs/nfs/nfs4proc.c | 8 ++++----
|
||||||
|
fs/nfs/nfs4xdr.c | 5 ++++-
|
||||||
|
include/linux/nfs_xdr.h | 2 +-
|
||||||
|
3 files changed, 9 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
|
||||||
|
index f0c849c..d202e04 100644
|
||||||
|
--- a/fs/nfs/nfs4proc.c
|
||||||
|
+++ b/fs/nfs/nfs4proc.c
|
||||||
|
@@ -3575,8 +3575,8 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t bu
|
||||||
|
}
|
||||||
|
if (npages > 1) {
|
||||||
|
/* for decoding across pages */
|
||||||
|
- args.acl_scratch = alloc_page(GFP_KERNEL);
|
||||||
|
- if (!args.acl_scratch)
|
||||||
|
+ res.acl_scratch = alloc_page(GFP_KERNEL);
|
||||||
|
+ if (!res.acl_scratch)
|
||||||
|
goto out_free;
|
||||||
|
}
|
||||||
|
args.acl_len = npages * PAGE_SIZE;
|
||||||
|
@@ -3612,8 +3612,8 @@ out_free:
|
||||||
|
for (i = 0; i < npages; i++)
|
||||||
|
if (pages[i])
|
||||||
|
__free_page(pages[i]);
|
||||||
|
- if (args.acl_scratch)
|
||||||
|
- __free_page(args.acl_scratch);
|
||||||
|
+ if (res.acl_scratch)
|
||||||
|
+ __free_page(res.acl_scratch);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
|
||||||
|
index 95e92e4..33bd8d0 100644
|
||||||
|
--- a/fs/nfs/nfs4xdr.c
|
||||||
|
+++ b/fs/nfs/nfs4xdr.c
|
||||||
|
@@ -2522,7 +2522,6 @@ static void nfs4_xdr_enc_getacl(struct rpc_rqst *req, struct xdr_stream *xdr,
|
||||||
|
|
||||||
|
xdr_inline_pages(&req->rq_rcv_buf, replen << 2,
|
||||||
|
args->acl_pages, args->acl_pgbase, args->acl_len);
|
||||||
|
- xdr_set_scratch_buffer(xdr, page_address(args->acl_scratch), PAGE_SIZE);
|
||||||
|
|
||||||
|
encode_nops(&hdr);
|
||||||
|
}
|
||||||
|
@@ -6032,6 +6031,10 @@ nfs4_xdr_dec_getacl(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
|
||||||
|
struct compound_hdr hdr;
|
||||||
|
int status;
|
||||||
|
|
||||||
|
+ if (res->acl_scratch != NULL) {
|
||||||
|
+ void *p = page_address(res->acl_scratch);
|
||||||
|
+ xdr_set_scratch_buffer(xdr, p, PAGE_SIZE);
|
||||||
|
+ }
|
||||||
|
status = decode_compound_hdr(xdr, &hdr);
|
||||||
|
if (status)
|
||||||
|
goto out;
|
||||||
|
diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h
|
||||||
|
index a764cef..d6ba9a1 100644
|
||||||
|
--- a/include/linux/nfs_xdr.h
|
||||||
|
+++ b/include/linux/nfs_xdr.h
|
||||||
|
@@ -614,7 +614,6 @@ struct nfs_getaclargs {
|
||||||
|
size_t acl_len;
|
||||||
|
unsigned int acl_pgbase;
|
||||||
|
struct page ** acl_pages;
|
||||||
|
- struct page * acl_scratch;
|
||||||
|
struct nfs4_sequence_args seq_args;
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -624,6 +623,7 @@ struct nfs_getaclres {
|
||||||
|
size_t acl_len;
|
||||||
|
size_t acl_data_offset;
|
||||||
|
int acl_flags;
|
||||||
|
+ struct page * acl_scratch;
|
||||||
|
struct nfs4_sequence_res seq_res;
|
||||||
|
};
|
||||||
|
|
||||||
|
--
|
||||||
|
1.7.4.1
|
||||||
|
|
Loading…
Reference in New Issue
Block a user