Hello Linus- This pull request contains a number of crasher fixes that were not ready for the initial pull request last week. In particular, Jeff's patch attempts to address reference count underflows in NFSD's filecache, which have been very difficult to track down because there is no reliable reproducer. Common failure modes: - https://bugzilla.kernel.org/show_bug.cgi?id=216691#c11 - https://bugzilla.kernel.org/show_bug.cgi?id=216674#c6 - https://bugzilla.redhat.com/show_bug.cgi?id=2138605 The race windows were found by inspection and the clean-ups appear sensible and pass regression testing, so we include them here in the hope that they address the problem. However we remain vigilant because we don't have 100% certainty yet that the problem is fully addressed. --- Pull request follows --- The following changes since commit e78e274eb22d966258a3845acc71d3c5b8ee2ea8: NFSD: Avoid clashing function prototypes (2022-12-10 11:01:13 -0500) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git tags/nfsd-6.2-1 for you to fetch changes up to 75333d48f92256a0dec91dbf07835e804fc411c0: NFSD: fix use-after-free in __nfs42_ssc_open() (2022-12-14 10:11:54 -0500) ---------------------------------------------------------------- nfsd-6.2 supplement: - Address numerous reports of refcount underflows in NFSD's filecache - Address a UAF in callback setup error handling - Address a UAF during server-to-server copy ---------------------------------------------------------------- Dai Ngo (1): NFSD: fix use-after-free in __nfs42_ssc_open() Dan Aloni (1): nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure Jeff Layton (1): nfsd: rework refcounting in filecache fs/nfsd/filecache.c | 328 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------------------------------------ fs/nfsd/nfs4callback.c | 4 ++- fs/nfsd/nfs4proc.c | 20 ++++--------- fs/nfsd/trace.h | 51 ++++++++++++-------------------- 4 files changed, 202 insertions(+), 201 deletions(-) -- Chuck Lever
