commit 673fdfe3f0630b03f3854d0361b1232f2e5ef7fb

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge tag 'nfs-for-3.13-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfixes:
- Stable fix for data corruption when retransmitting O_DIRECT writes
- Stable fix for a deep recursion/stack overflow bug in rpc_release_client
- Stable fix for infinite looping when mounting a NFSv4.x volume
- Fix a typo in the nfs mount option parser
- Allow pNFS layouts to be compiled into the kernel when NFSv4.1 is

* tag 'nfs-for-3.13-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
nfs: fix pnfs Kconfig defaults
NFS: correctly report misuse of "migration" mount option.
nfs: don't retry detect_trunking with RPC_AUTH_UNIX more than once
SUNRPC: Avoid deep recursion in rpc_release_client
SUNRPC: Fix a data corruption issue when retransmitting RPC calls

Linus Torvalds 12 years ago 673fdfe3 73d75ba9

+48 -24

5 changed files

expand all

unified split

nfs

Kconfig

nfs4state.c

super.c

net

sunrpc

clnt.c

xprtsock.c

+3 -3

fs/nfs/Kconfig

··· 116 116 config PNFS_FILE_LAYOUT 117 117 tristate 118 118 depends on NFS_V4_1 119 - default m 119 + default NFS_V4 120 120 121 121 config PNFS_BLOCK 122 122 tristate 123 123 depends on NFS_V4_1 && BLK_DEV_DM 124 - default m 124 + default NFS_V4 125 125 126 126 config PNFS_OBJLAYOUT 127 127 tristate 128 128 depends on NFS_V4_1 && SCSI_OSD_ULD 129 - default m 129 + default NFS_V4 130 130 131 131 config NFS_V4_1_IMPLEMENTATION_ID_DOMAIN 132 132 string "NFSv4.1 Implementation ID Domain"

+6 -1

fs/nfs/nfs4state.c

··· 2093 2093 nfs4_root_machine_cred(clp); 2094 2094 goto again; 2095 2095 } 2096 - if (i > 2) 2096 + if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) 2097 2097 break; 2098 2098 case -NFS4ERR_CLID_INUSE: 2099 2099 case -NFS4ERR_WRONGSEC: 2100 + /* No point in retrying if we already used RPC_AUTH_UNIX */ 2101 + if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) { 2102 + status = -EPERM; 2103 + break; 2104 + } 2100 2105 clnt = rpc_clone_client_set_auth(clnt, RPC_AUTH_UNIX); 2101 2106 if (IS_ERR(clnt)) { 2102 2107 status = PTR_ERR(clnt);

+1 -1

fs/nfs/super.c

··· 1614 1614 goto out_minorversion_mismatch; 1615 1615 1616 1616 if (mnt->options & NFS_OPTION_MIGRATION && 1617 - mnt->version != 4 && mnt->minorversion != 0) 1617 + (mnt->version != 4 || mnt->minorversion != 0)) 1618 1618 goto out_migration_misuse; 1619 1619 1620 1620 /*

+17 -12

net/sunrpc/clnt.c

··· 750 750 /* 751 751 * Free an RPC client 752 752 */ 753 - static void 753 + static struct rpc_clnt * 754 754 rpc_free_client(struct rpc_clnt *clnt) 755 755 { 756 + struct rpc_clnt *parent = NULL; 757 + 756 758 dprintk_rcu("RPC: destroying %s client for %s\n", 757 759 clnt->cl_program->name, 758 760 rcu_dereference(clnt->cl_xprt)->servername); 759 761 if (clnt->cl_parent != clnt) 760 - rpc_release_client(clnt->cl_parent); 762 + parent = clnt->cl_parent; 761 763 rpc_clnt_remove_pipedir(clnt); 762 764 rpc_unregister_client(clnt); 763 765 rpc_free_iostats(clnt->cl_metrics); ··· 768 766 rpciod_down(); 769 767 rpc_free_clid(clnt); 770 768 kfree(clnt); 769 + return parent; 771 770 } 772 771 773 772 /* 774 773 * Free an RPC client 775 774 */ 776 - static void 775 + static struct rpc_clnt * 777 776 rpc_free_auth(struct rpc_clnt *clnt) 778 777 { 779 - if (clnt->cl_auth == NULL) { 780 - rpc_free_client(clnt); 781 - return; 782 - } 778 + if (clnt->cl_auth == NULL) 779 + return rpc_free_client(clnt); 783 780 784 781 /* 785 782 * Note: RPCSEC_GSS may need to send NULL RPC calls in order to ··· 789 788 rpcauth_release(clnt->cl_auth); 790 789 clnt->cl_auth = NULL; 791 790 if (atomic_dec_and_test(&clnt->cl_count)) 792 - rpc_free_client(clnt); 791 + return rpc_free_client(clnt); 792 + return NULL; 793 793 } 794 794 795 795 /* ··· 801 799 { 802 800 dprintk("RPC: rpc_release_client(%p)\n", clnt); 803 801 804 - if (list_empty(&clnt->cl_tasks)) 805 - wake_up(&destroy_wait); 806 - if (atomic_dec_and_test(&clnt->cl_count)) 807 - rpc_free_auth(clnt); 802 + do { 803 + if (list_empty(&clnt->cl_tasks)) 804 + wake_up(&destroy_wait); 805 + if (!atomic_dec_and_test(&clnt->cl_count)) 806 + break; 807 + clnt = rpc_free_auth(clnt); 808 + } while (clnt != NULL); 808 809 } 809 810 EXPORT_SYMBOL_GPL(rpc_release_client); 810 811

+21 -7

net/sunrpc/xprtsock.c

··· 393 393 return kernel_sendmsg(sock, &msg, NULL, 0, 0); 394 394 } 395 395 396 - static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more) 396 + static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more, bool zerocopy) 397 397 { 398 + ssize_t (*do_sendpage)(struct socket *sock, struct page *page, 399 + int offset, size_t size, int flags); 398 400 struct page **ppage; 399 401 unsigned int remainder; 400 402 int err, sent = 0; ··· 405 403 base += xdr->page_base; 406 404 ppage = xdr->pages + (base >> PAGE_SHIFT); 407 405 base &= ~PAGE_MASK; 406 + do_sendpage = sock->ops->sendpage; 407 + if (!zerocopy) 408 + do_sendpage = sock_no_sendpage; 408 409 for(;;) { 409 410 unsigned int len = min_t(unsigned int, PAGE_SIZE - base, remainder); 410 411 int flags = XS_SENDMSG_FLAGS; ··· 415 410 remainder -= len; 416 411 if (remainder != 0 || more) 417 412 flags |= MSG_MORE; 418 - err = sock->ops->sendpage(sock, *ppage, base, len, flags); 413 + err = do_sendpage(sock, *ppage, base, len, flags); 419 414 if (remainder == 0 || err != len) 420 415 break; 421 416 sent += err; ··· 436 431 * @addrlen: UDP only -- length of destination address 437 432 * @xdr: buffer containing this request 438 433 * @base: starting position in the buffer 434 + * @zerocopy: true if it is safe to use sendpage() 439 435 * 440 436 */ 441 - static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base) 437 + static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base, bool zerocopy) 442 438 { 443 439 unsigned int remainder = xdr->len - base; 444 440 int err, sent = 0; ··· 467 461 if (base < xdr->page_len) { 468 462 unsigned int len = xdr->page_len - base; 469 463 remainder -= len; 470 - err = xs_send_pagedata(sock, xdr, base, remainder != 0); 464 + err = xs_send_pagedata(sock, xdr, base, remainder != 0, zerocopy); 471 465 if (remainder == 0 || err != len) 472 466 goto out; 473 467 sent += err; ··· 570 564 req->rq_svec->iov_base, req->rq_svec->iov_len); 571 565 572 566 status = xs_sendpages(transport->sock, NULL, 0, 573 - xdr, req->rq_bytes_sent); 567 + xdr, req->rq_bytes_sent, true); 574 568 dprintk("RPC: %s(%u) = %d\n", 575 569 __func__, xdr->len - req->rq_bytes_sent, status); 576 570 if (likely(status >= 0)) { ··· 626 620 status = xs_sendpages(transport->sock, 627 621 xs_addr(xprt), 628 622 xprt->addrlen, xdr, 629 - req->rq_bytes_sent); 623 + req->rq_bytes_sent, true); 630 624 631 625 dprintk("RPC: xs_udp_send_request(%u) = %d\n", 632 626 xdr->len - req->rq_bytes_sent, status); ··· 699 693 struct rpc_xprt *xprt = req->rq_xprt; 700 694 struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt); 701 695 struct xdr_buf *xdr = &req->rq_snd_buf; 696 + bool zerocopy = true; 702 697 int status; 703 698 704 699 xs_encode_stream_record_marker(&req->rq_snd_buf); ··· 707 700 xs_pktdump("packet data:", 708 701 req->rq_svec->iov_base, 709 702 req->rq_svec->iov_len); 703 + /* Don't use zero copy if this is a resend. If the RPC call 704 + * completes while the socket holds a reference to the pages, 705 + * then we may end up resending corrupted data. 706 + */ 707 + if (task->tk_flags & RPC_TASK_SENT) 708 + zerocopy = false; 710 709 711 710 /* Continue transmitting the packet/record. We must be careful 712 711 * to cope with writespace callbacks arriving _after_ we have 713 712 * called sendmsg(). */ 714 713 while (1) { 715 714 status = xs_sendpages(transport->sock, 716 - NULL, 0, xdr, req->rq_bytes_sent); 715 + NULL, 0, xdr, req->rq_bytes_sent, 716 + zerocopy); 717 717 718 718 dprintk("RPC: xs_tcp_send_request(%u) = %d\n", 719 719 xdr->len - req->rq_bytes_sent, status);