On Fri, Mar 13, 2020 at 02:05:27PM -0700, Linus Torvalds wrote:
> Adding more people. The old stable trees seem to have rather different code.
>
> [ Goes off and looks at the stable trees ]
>
> Petr seems entirely correct - the stable tree backport appears broken.
>
> Because looking at that commit 67a56e9743171 in the stable tree, it doesn't seem to match commit 4b310319c6a8 ("NFS: Fix memory leaks and corruption in readdir") in mainline.
>
> That stable backport looks bogus. It added that
>
>         array = kmap(page);
>
> line from somewhere else, probably because the stable tree didn't have the line at all, and it was there in the context.
I botched up that backport, sorry.
> Because while mainline has that line to initialize array with kmap(), in those stable trees, we have
>
>         array = nfs_readdir_get_array(page);
>
> and as Petr says, the kmap has been done there already, and it will be kunmap'ed by nfs_readdir_release_array().
>
> And looking closer, this same bug seems to have happened twice: it also exists in 0b0223f9c3a8.
>
> But somebody else should double-check me - somebody who actually knows the code.
>
> As to how I found the other case, do this in the stable git repo with all the stable tags:
>
>     git log -p --no-merges --all \
>         --grep="NFS: Fix memory leaks and corruption in readdir"
>
> to see all the copies of that commit backport. Add a
>
>     -S'kmap(page)'
>
> to that line to see the cases that added that line. Or to just get the commits:
>
>     git log --oneline --no-merges --all \
>         --grep="NFS: Fix memory leaks and corruption in readdir" \
>         -S'kmap(page)'
>
> and the result is
>
>     67a56e974317 NFS: Fix memory leaks and corruption in readdir
>     0b0223f9c3a8 NFS: Fix memory leaks and corruption in readdir
I've applied the fix to the 4.9 and 4.4 trees, thank you!

-- 
Thanks,
Sasha
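The unbalanced mapping Linus describes, modeled as an added example that is not kernel code and not part of the thread: `struct page`, the counting `kmap()`/`kunmap()` stand-ins and `readdir_cycle()` are constructed stand-ins that only track how many mappings a page has outstanding, so the extra `kmap(page)` line from the broken backport shows up as a mapping that `nfs_readdir_release_array()` never undoes.

```c
#include <stdio.h>

/* Constructed model of a page: only the number of outstanding kmap()
 * mappings is tracked, which is all this example needs. */
struct page {
    int kmap_count;
};

/* Simplified stand-ins for the real kernel primitives (hypothetical). */
static void *kmap(struct page *p)   { p->kmap_count++; return p; }
static void  kunmap(struct page *p) { p->kmap_count--; }

/* Stand-ins for the stable-tree helpers named in the mail: the get side
 * performs the kmap(), the release side performs the matching kunmap(). */
static void *nfs_readdir_get_array(struct page *p)     { return kmap(p); }
static void  nfs_readdir_release_array(struct page *p) { kunmap(p); }

/* One get/use/release cycle over a page. With with_bogus_kmap set, the
 * extra "array = kmap(page);" line that the broken backport added is
 * executed between get and release. Returns the number of mappings still
 * outstanding afterwards: 0 means balanced, anything else is a leak. */
static int readdir_cycle(struct page *p, int with_bogus_kmap)
{
    void *array = nfs_readdir_get_array(p);

    if (with_bogus_kmap)
        array = kmap(p);            /* second mapping, never unmapped */

    (void)array;                    /* the array contents do not matter here */
    nfs_readdir_release_array(p);   /* undoes exactly one mapping */
    return p->kmap_count;
}

/* Runs n cycles of the buggy path on a fresh page and reports how many
 * mappings have leaked in total: the imbalance accumulates per call. */
static int leaked_after(int n, int with_bogus_kmap)
{
    struct page p = { 0 };
    int leaked = 0;

    for (int i = 0; i < n; i++)
        leaked = readdir_cycle(&p, with_bogus_kmap);
    return leaked;
}

int main(void)
{
    printf("fixed path, 100 cycles: %d leaked\n", leaked_after(100, 0));
    printf("buggy path, 100 cycles: %d leaked\n", leaked_after(100, 1));
    return 0;
}
```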