Patch "xprtrdma: xprt_rdma_free() must not release backchannel reqs" has been added to the 4.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Wed, 06 May 2020 17:30:01 +0200

This is a note to let you know that I've just added the patch titled

    xprtrdma: xprt_rdma_free() must not release backchannel reqs

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     xprtrdma-xprt_rdma_free-must-not-release-backchannel-reqs.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From ffc4d9b1596c34caa98962722e930e97912c8a9f Mon Sep 17 00:00:00 2001
From: Chuck Lever <chuck.lever@xxxxxxxxxx>
Date: Wed, 16 Dec 2015 17:22:14 -0500
Subject: xprtrdma: xprt_rdma_free() must not release backchannel reqs

From: Chuck Lever <chuck.lever@xxxxxxxxxx>

commit ffc4d9b1596c34caa98962722e930e97912c8a9f upstream.

Preserve any rpcrdma_req that is attached to rpc_rqst's allocated
for the backchannel. Otherwise, after all the pre-allocated
backchannel req's are consumed, incoming backward calls start
writing on freed memory.

Somehow this hunk got lost.

Fixes: f531a5dbc451 ('xprtrdma: Pre-allocate backward rpc_rqst')
Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
Tested-by: Devesh Sharma <devesh.sharma@xxxxxxxxxxxxx>
Signed-off-by: Anna Schumaker <Anna.Schumaker@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 net/sunrpc/xprtrdma/transport.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/net/sunrpc/xprtrdma/transport.c
+++ b/net/sunrpc/xprtrdma/transport.c
@@ -576,6 +576,9 @@ xprt_rdma_free(void *buffer)
 
 	rb = container_of(buffer, struct rpcrdma_regbuf, rg_base[0]);
 	req = rb->rg_owner;
+	if (req->rl_backchannel)
+		return;
+
 	r_xprt = container_of(req->rl_buffer, struct rpcrdma_xprt, rx_buf);
 
 	dprintk("RPC:       %s: called on 0x%p\n", __func__, req->rl_reply);


Patches currently in stable-queue which might be from chuck.lever@xxxxxxxxxx are

queue-4.4/xprtrdma-fix-additional-uses-of-spin_lock_irqsave-rb_lock.patch
queue-4.4/xprtrdma-xprt_rdma_free-must-not-release-backchannel-reqs.patch
queue-4.4/xprtrdma-rpcrdma_bc_receive_call-should-init-rq_private_buf.len.patch






