From patchwork Wed Aug 9 16:09:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Trond Myklebust X-Patchwork-Id: 13348156 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F742C41513 for ; Wed, 9 Aug 2023 16:15:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229537AbjHIQPa (ORCPT ); Wed, 9 Aug 2023 12:15:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58202 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229501AbjHIQP3 (ORCPT ); Wed, 9 Aug 2023 12:15:29 -0400 Received: from mail-qk1-x735.google.com (mail-qk1-x735.google.com [IPv6:2607:f8b0:4864:20::735]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1A643C3 for ; Wed, 9 Aug 2023 09:15:29 -0700 (PDT) Received: by mail-qk1-x735.google.com with SMTP id af79cd13be357-76af2cb7404so3620585a.0 for ; Wed, 09 Aug 2023 09:15:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691597728; x=1692202528; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=gT7wtNe9cLvPlRssfppADRLldoXf3AYMpNL92GpsTpU=; b=n8QWsYzi4rblIYWypn9CT5qR3Tf505aqIaAHcwYtQoEoMepv1LmdPBS7LHnspvbDxt oYLjqRZp+dKwzBEeq3EZG05WoFIbnsvLx8PE0vzoFycM+CLGSRZfFI2iCIWE+ZJKzDLF 74HXpdoxdQ3nQQltNLfAMrfJCYmw3bXbpwixA+3WEp2UJDzH9w1YoJnQ7gjy6A9X5BGI VVPwelhQ3FLMVpK0vyIwEDr6fOtei0U9aLRJuW5lSfHlJk1q6OYeEHzMocMBYmjIJPJb CNaTUWcD1l9IKMVOC+bjHy409EJLhHoo+WlT1o3I6Mk9JIDLFrgI5LdtJNXcM2SRJc5X 0pww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691597728; x=1692202528; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gT7wtNe9cLvPlRssfppADRLldoXf3AYMpNL92GpsTpU=; b=Lgt9e+9lTCgFLymp2jjRIhaX2DE8JdWUTKqeELfZ7HpMbONprBFvKPKfH1Ji+ahrLp ULycV9bpGBnWN+dqM1rEOVAXQM0gKcxI9/Tgg/hGKo1FztLeJ/8wiAylR0tWLKXtaEnz hUeD//8CmHcLgxyYDSNTD3Qu6fvn2qeHgto+/7iDC03AN3QWTDZaEk99RRvHIPKyI65A jPPbYg6PgCp1v5jYErWnJokvb3xBpFvkkZK3W1sPa7eeVrBKLHthk5Mjxg2JJIOR92pK edIWzoI8/mjqr/k50SUbQ3Qpx1Yi06rW5q4JrJxPZaSJa3V0LeyP13JIb9IhJvkCtIQi hz6w== X-Gm-Message-State: AOJu0YyLSVAZGnHajW1GpVE04UONLbSHF87NCDoal0/s4ai2m5uOytGg LzggNnZCWS9pUPflE/kGAUvhC+89YqMK X-Google-Smtp-Source: AGHT+IFpfQALyK3e0IFL3n/mRP6pLx2E+8pqt+ZOM4cfkdwiEiqNc3Rm9RjmWaA57UJBGI4shQat5Q== X-Received: by 2002:a05:620a:45ab:b0:76c:c68e:8f46 with SMTP id bp43-20020a05620a45ab00b0076cc68e8f46mr4181504qkb.40.1691597727970; Wed, 09 Aug 2023 09:15:27 -0700 (PDT) Received: from localhost.localdomain (c-68-32-72-208.hsd1.mi.comcast.net. [68.32.72.208]) by smtp.gmail.com with ESMTPSA id y3-20020a37e303000000b0075b2af4a076sm4075223qki.16.2023.08.09.09.15.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Aug 2023 09:15:27 -0700 (PDT) From: trondmy@gmail.com X-Google-Original-From: trond.myklebust@hammerspace.com To: linux-nfs@vger.kernel.org Cc: Chris Mason Subject: [PATCH 1/2] NFS: Fix a use after free in nfs_direct_join_group() Date: Wed, 9 Aug 2023 12:09:00 -0400 Message-ID: <20230809160901.26679-1-trond.myklebust@hammerspace.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org From: Trond Myklebust Be more careful when tearing down the subrequests of an O_DIRECT write as part of a retransmission. Reported-by: Chris Mason Fixes: ed5d588fe47f ("NFS: Try to join page groups before an O_DIRECT retransmission") Signed-off-by: Trond Myklebust --- fs/nfs/direct.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c index 9a18c5a69ace..aaffaaa336cc 100644 --- a/fs/nfs/direct.c +++ b/fs/nfs/direct.c @@ -472,20 +472,26 @@ ssize_t nfs_file_direct_read(struct kiocb *iocb, struct iov_iter *iter, return result; } -static void -nfs_direct_join_group(struct list_head *list, struct inode *inode) +static void nfs_direct_join_group(struct list_head *list, struct inode *inode) { - struct nfs_page *req, *next; + struct nfs_page *req, *subreq; list_for_each_entry(req, list, wb_list) { - if (req->wb_head != req || req->wb_this_page == req) + if (req->wb_head != req) continue; - for (next = req->wb_this_page; - next != req->wb_head; - next = next->wb_this_page) { - nfs_list_remove_request(next); - nfs_release_request(next); - } + subreq = req->wb_this_page; + if (subreq == req) + continue; + do { + /* + * Remove subrequests from this list before freeing + * them in the call to nfs_join_page_group(). + */ + if (!list_empty(&subreq->wb_list)) { + nfs_list_remove_request(subreq); + nfs_release_request(subreq); + } + } while ((subreq = subreq->wb_this_page) != req); nfs_join_page_group(req, inode); } } From patchwork Wed Aug 9 16:09:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Trond Myklebust X-Patchwork-Id: 13348157 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7299C04A94 for ; Wed, 9 Aug 2023 16:15:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229733AbjHIQPc (ORCPT ); Wed, 9 Aug 2023 12:15:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58270 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229813AbjHIQPb (ORCPT ); Wed, 9 Aug 2023 12:15:31 -0400 Received: from mail-qk1-x72f.google.com (mail-qk1-x72f.google.com [IPv6:2607:f8b0:4864:20::72f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1628E10D4 for ; Wed, 9 Aug 2023 09:15:30 -0700 (PDT) Received: by mail-qk1-x72f.google.com with SMTP id af79cd13be357-7653bd3ff2fso3079985a.3 for ; Wed, 09 Aug 2023 09:15:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691597729; x=1692202529; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=I3fttE8Ka5FbAuwos3r7+GvavRagrx9NXFQXtO4C8VM=; b=drOZ6TCGfwObQp/c04AqPIZr6Tw/Uu//V6THTIqxuenN6Z47Pd4kVVzXg9hplexMsF ZCrGxm2RzetA7I7cf95vrTcqKZoqAw10P/PYk733E2trSJONM+yj4uHZBQBOJCsrGlHM WBNNxLRoPF1mG7zepYq4IEJgx2mVcAWgdB+YXgeYYjSG1E3jXrhYeh6gEz//B9lbXZDu +WY2g5dEBwI/zbIm/DOwkrVv7jtQr2f4tj/yYhyokXMBuohvzjJs56upmQWgLQ26GQ1z NEh+rYs0PSUHoxD22ECtV+G+yWCbb8MUpFyM+Sq8s156o0mG34Rn1/5Q96vFhEKZwLHn tuyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691597729; x=1692202529; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=I3fttE8Ka5FbAuwos3r7+GvavRagrx9NXFQXtO4C8VM=; b=g5xZ3CGpG2XY4AY2J6NeYzl1Jj4H1ojFUK8q6vZ5CN5YFzqTZsBJ/l1kAZXWQ7LMAf lLvPvsP/JOY0YKf1AqYIFUyh542qfyT3wN5fvSnxI+2CeBN86s+zGDvvEMicNjQ+nobe qz72GzJTbu2pJXXKq3Ij9XbmmUmLQl6aMpiR2FYlbtfRT22U0Jw3bK/Qsg/rA0hZnrxo 7oSF5cpwqbnCkgZ3D+9XGVN60pf77mS5H8V/uaQ3iT9HkmwYuRR0Bb5pPFR73oDcf/al N+B1i+ng/tJtZZ4RfFIMV411WCUekE+mdBW2OLVBpowa3LA1RtHD7QQmVqRoGPt0jIgE lNnQ== X-Gm-Message-State: AOJu0YzIrfuLJpao5W61F/A04k9apWRU7hy7k+rVwma0CBdOfhV350jV dEbB25je61V0GshoFOd3Cux3PtsQvsxu X-Google-Smtp-Source: AGHT+IEhApmjBS/BBRoFLOs/hihGzBElb73CQ79jgP1ygdGLgQcbQlWBbZdWArHjPYUifZ4ojAgEXA== X-Received: by 2002:a37:ac01:0:b0:76c:9ac2:3f22 with SMTP id e1-20020a37ac01000000b0076c9ac23f22mr3348686qkm.68.1691597728965; Wed, 09 Aug 2023 09:15:28 -0700 (PDT) Received: from localhost.localdomain (c-68-32-72-208.hsd1.mi.comcast.net. [68.32.72.208]) by smtp.gmail.com with ESMTPSA id y3-20020a37e303000000b0075b2af4a076sm4075223qki.16.2023.08.09.09.15.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Aug 2023 09:15:28 -0700 (PDT) From: trondmy@gmail.com X-Google-Original-From: trond.myklebust@hammerspace.com To: linux-nfs@vger.kernel.org Cc: Chris Mason Subject: [PATCH 2/2] NFS: Fix a potential data corruption Date: Wed, 9 Aug 2023 12:09:01 -0400 Message-ID: <20230809160901.26679-2-trond.myklebust@hammerspace.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230809160901.26679-1-trond.myklebust@hammerspace.com> References: <20230809160901.26679-1-trond.myklebust@hammerspace.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org From: Trond Myklebust We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we still need to add it back to the retransmission list. Add a call that mirrors the effect of nfs_cancel_remove_inode() for O_DIRECT. Fixes: ed5d588fe47f ("NFS: Try to join page groups before an O_DIRECT retransmission") Signed-off-by: Trond Myklebust --- fs/nfs/direct.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c index aaffaaa336cc..9b6bfc7905f6 100644 --- a/fs/nfs/direct.c +++ b/fs/nfs/direct.c @@ -472,13 +472,30 @@ ssize_t nfs_file_direct_read(struct kiocb *iocb, struct iov_iter *iter, return result; } +static void nfs_direct_add_page_head(struct list_head *list, + struct nfs_page *req) +{ + struct nfs_page *head = req->wb_head; + + if (!list_empty(&head->wb_list) || !nfs_lock_request(head)) + return; + if (!list_empty(&head->wb_list)) { + nfs_unlock_request(head); + return; + } + list_add(&head->wb_list, list); + kref_get(&head->wb_kref); +} + static void nfs_direct_join_group(struct list_head *list, struct inode *inode) { struct nfs_page *req, *subreq; list_for_each_entry(req, list, wb_list) { - if (req->wb_head != req) + if (req->wb_head != req) { + nfs_direct_add_page_head(&req->wb_list, req); continue; + } subreq = req->wb_this_page; if (subreq == req) continue;