This is a note to let you know that I've just added the patch titled
SUNRPC: Reinitialise the backchannel request buffers before reuse
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
sunrpc-reinitialise-the-backchannel-request-buffers-before-reuse.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 6622e3a73112fc336c1c2c582428fb5ef18e456a Mon Sep 17 00:00:00 2001
From: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>
Date: Wed, 27 Jul 2022 12:27:54 -0400
Subject: SUNRPC: Reinitialise the backchannel request buffers before reuse
From: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>
commit 6622e3a73112fc336c1c2c582428fb5ef18e456a upstream.
When we're reusing the backchannel requests instead of freeing them,
then we should reinitialise any values of the send/receive xdr_bufs so
that they reflect the available space.
Fixes: 0d2a970d0ae5 ("SUNRPC: Fix a backchannel race")
Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/sunrpc/backchannel_rqst.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/net/sunrpc/backchannel_rqst.c
+++ b/net/sunrpc/backchannel_rqst.c
@@ -64,6 +64,17 @@ static void xprt_free_allocation(struct
kfree(req);
}
+static void xprt_bc_reinit_xdr_buf(struct xdr_buf *buf)
+{
+ buf->head[0].iov_len = PAGE_SIZE;
+ buf->tail[0].iov_len = 0;
+ buf->pages = NULL;
+ buf->page_len = 0;
+ buf->flags = 0;
+ buf->len = 0;
+ buf->buflen = PAGE_SIZE;
+}
+
static int xprt_alloc_xdr_buf(struct xdr_buf *buf, gfp_t gfp_flags)
{
struct page *page;
@@ -292,6 +303,9 @@ void xprt_free_bc_rqst(struct rpc_rqst *
*/
spin_lock_bh(&xprt->bc_pa_lock);
if (xprt_need_to_requeue(xprt)) {
+ xprt_bc_reinit_xdr_buf(&req->rq_snd_buf);
+ xprt_bc_reinit_xdr_buf(&req->rq_rcv_buf);
+ req->rq_rcv_buf.len = PAGE_SIZE;
list_add_tail(&req->rq_bc_pa_list, &xprt->bc_pa_list);
xprt->bc_alloc_count++;
atomic_inc(&xprt->bc_slot_count);
Patches currently in stable-queue which might be from trond.myklebust@xxxxxxxxxxxxxxx are
queue-5.10/nfsv4-pnfs-fix-a-use-after-free-bug-in-open.patch
queue-5.10/nfsv4.1-handle-nfs4err_delay-replies-to-op_sequence-correctly.patch
queue-5.10/nfsv4.1-don-t-decrease-the-value-of-seq_nr_highest_sent.patch
queue-5.10/nfsv4.1-reclaim_complete-must-handle-eacces.patch
queue-5.10/sunrpc-reinitialise-the-backchannel-request-buffers-before-reuse.patch
queue-5.10/sunrpc-fix-expiry-of-auth-creds.patch
queue-5.10/nfsv4-fix-races-in-the-legacy-idmapper-upcall.patch
