From: Trond Myklebust
To: "torvalds@linux-foundation.org", "linux-kernel@vger.kernel.org", "bfields@fieldses.org", "linux-nfs@vger.kernel.org", "schumaker.anna@gmail.com", "davej@codemonkey.org.uk", "linux-fsdevel@vger.kernel.org"
Subject: Re: [GIT PULL] Please pull NFS client changes for Linux 4.13
Date: Sun, 16 Jul 2017 22:57:27 +0000
Message-ID: <1500245845.13893.3.camel@primarydata.com>
In-Reply-To: <20170716211530.sx7mn35f2mhmykug@codemonkey.org.uk>
X-Patchwork-Submitter: Trond Myklebust
X-Patchwork-Id: 9843739

Hi Dave,

On Sun, 2017-07-16 at 17:15 -0400, Dave Jones wrote:
> On Fri, Jul 14, 2017 at 10:25:43AM -0400, Dave Jones wrote:
> > On Thu, Jul 13, 2017 at 05:16:24PM -0400, Anna Schumaker wrote:
> > > Hi Linus,
> > >
> > > The following changes since commit 32c1431eea4881a6b17bd7c639315010aeefa452:
> > >
> > > Linux 4.12-rc5 (2017-06-11 16:48:20 -0700)
> > >
> > > are available in the git repository at:
> > >
> > > git://git.linux-nfs.org/projects/anna/linux-nfs.git tags/nfs-for-4.13-1
> > >
> > > for you to fetch changes up to b4f937cffa66b3d56eb8f586e620d0b223a281a3:
> > >
> > > NFS: Don't run wake_up_bit() when nobody is waiting... (2017-07-13 16:57:18 -0400)
> >
> > Since this landed, I'm seeing this during boot..
> >
> > ==================================================================
> > BUG: KASAN: global-out-of-bounds in strscpy+0x4a/0x230
> > Read of size 8 at addr ffffffffb4eeaf20 by task nfsd/688
>
> Now that this one got fixed, this one fell out instead..
> Will dig deeper tomorrow.
>
> ==================================================================
> BUG: KASAN: global-out-of-bounds in call_start+0x93/0x100
> Read of size 8 at addr ffffffff8d582588 by task kworker/0:1/22
>
> CPU: 0 PID: 22 Comm: kworker/0:1 Not tainted 4.13.0-rc1-firewall+ #1
> Workqueue: rpciod rpc_async_schedule
> Call Trace:
> dump_stack+0x68/0x94
> print_address_description+0x2c/0x270
> ? call_start+0x93/0x100
> kasan_report+0x239/0x350
> __asan_load8+0x55/0x90
> call_start+0x93/0x100
> ? rpc_default_callback+0x10/0x10
> ? rpc_default_callback+0x10/0x10
> __rpc_execute+0x170/0x740
> ? rpc_wake_up_queued_task+0x50/0x50
> ? __lock_is_held+0x9f/0x110
> rpc_async_schedule+0x12/0x20
> process_one_work+0x4ba/0xb10
> ? process_one_work+0x401/0xb10
> ? pwq_dec_nr_in_flight+0x120/0x120
> worker_thread+0x91/0x670
> ? __sched_text_start+0x8/0x8
> kthread+0x1ab/0x200
> ? process_one_work+0xb10/0xb10
> ? __kthread_create_on_node+0x340/0x340
> ret_from_fork+0x27/0x40
>
> The buggy address belongs to the variable:
> nfs_cb_version+0x8/0x740

Does the following patch fix it?

Cheers
Trond
8<--------------------------------------
From b9230cdfbbee90178a1318d20cd3373ffb758788 Mon Sep 17 00:00:00 2001
From: Trond Myklebust
Date: Sun, 16 Jul 2017 18:52:18 -0400
Subject: [PATCH] nfsd: Fix a memory scribble in the callback channel

The offset of the entry in struct rpc_version has to match the version
number.

Reported-by: Dave Jones
Fixes: 1c5876ddbdb4 ("sunrpc: move p_count out of struct rpc_procinfo")
Signed-off-by: Trond Myklebust
---
fs/nfsd/nfs4callback.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

--
2.13.3

--
Trond Myklebust
Linux NFS client maintainer, PrimaryData
trond.myklebust@primarydata.com

diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c index b45083c0f9ae..49b0a9e7ff18 100644 --- a/fs/nfsd/nfs4callback.c +++ b/fs/nfsd/nfs4callback.c @@ -720,8 +720,8 @@ static const struct rpc_version nfs_cb_version4 = { .counts = nfs4_cb_counts, }; -static const struct rpc_version *nfs_cb_version[] = { - &nfs_cb_version4, +static const struct rpc_version *nfs_cb_version[2] = { + [1] = &nfs_cb_version4, }; static const struct rpc_program cb_program; @@ -795,7 +795,7 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c .saddress = (struct sockaddr *) &conn->cb_saddr, .timeout = &timeparms, .program = &cb_program, - .version = 0, + .version = 1, .flags = (RPC_CLNT_CREATE_NOPING | RPC_CLNT_CREATE_QUIET), }; struct rpc_clnt *client;
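
Review bot: in the nfs_cb_version hunk (@@ -720), the new declaration leaves slot 0 of the table as an implicit NULL with nothing in the code saying that is intended, and the explicit bound in "nfs_cb_version[2]" repeats what the designated initializer "[1] = &nfs_cb_version4" already determines. A short comment above the array stating that the index must equal the RPC version number and that entry 0 is deliberately empty would keep a later entry from being appended positionally again. The "[2]" could also be dropped so the array size follows the highest initialized index. The changelog calls this a "memory scribble" while the quoted KASAN report is a "Read of size 8" at nfs_cb_version+0x8, so it may be worth wording the subject as an out-of-bounds read.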
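
Review bot: in the setup_callback_client() hunk (@@ -795), ".version = 1" is a bare literal that has to stay in step with the "[1]" slot in nfs_cb_version and, per the commit message, with the version number, yet nothing in the visible lines ties these together. Suggest a single named constant used both as the array index and as the value of .version, or at minimum a comment at each site pointing to the other, so a change to one is not made without the other.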