Re: Patch "nfsd: fix oops when reading pool_stats before server is started" has been added to the 6.9-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 24 Jun 2024, stable@xxxxxxxxxxxxxxx wrote:
> This is a note to let you know that I've just added the patch titled
> 
>     nfsd: fix oops when reading pool_stats before server is started
> 
> to the 6.9-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      nfsd-fix-oops-when-reading-pool_stats-before-server-.patch
> and it can be found in the queue-6.9 subdirectory.
> 
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@xxxxxxxxxxxxxxx> know about it.

I feel this should not be added to the stable tree.

It moves at test on a field protected by a mutex outside of the
protection of that mutex, and so is obviously racey.

Depending on how the race goes, si->serv might be NULL when dereferenced
in svc_pool_stats_start(), or svc_pool_stats_stop() might unlock a mutex
that hadn't been locked.

I'll post a revert and a better fix for mainline.

Thanks,
NeilBrown

> 
> 
> 
> commit 388a527c6cf55bde74bc0891d0b4c38f50d896be
> Author: Jeff Layton <jlayton@xxxxxxxxxx>
> Date:   Mon Jun 17 07:54:08 2024 -0400
> 
>     nfsd: fix oops when reading pool_stats before server is started
>     
>     [ Upstream commit 8e948c365d9c10b685d1deb946bd833d6a9b43e0 ]
>     
>     Sourbh reported an oops that is triggerable by trying to read the
>     pool_stats procfile before nfsd had been started. Move the check for a
>     NULL serv in svc_pool_stats_start above the mutex acquisition, and fix
>     the stop routine not to unlock the mutex if there is no serv yet.
>     
>     Fixes: 7b207ccd9833 ("svc: don't hold reference for poolstats, only mutex.")
>     Reported-by: Sourabh Jain <sourabhjain@xxxxxxxxxxxxx>
>     Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
>     Tested-by: Sourabh Jain <sourabhjain@xxxxxxxxxxxxx>
>     Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
>     Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> 
> diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
> index b4a85a227bd7d..1a2982051f986 100644
> --- a/net/sunrpc/svc_xprt.c
> +++ b/net/sunrpc/svc_xprt.c
> @@ -1371,12 +1371,13 @@ static void *svc_pool_stats_start(struct seq_file *m, loff_t *pos)
>  
>  	dprintk("svc_pool_stats_start, *pidx=%u\n", pidx);
>  
> +	if (!si->serv)
> +		return NULL;
> +
>  	mutex_lock(si->mutex);
>  
>  	if (!pidx)
>  		return SEQ_START_TOKEN;
> -	if (!si->serv)
> -		return NULL;
>  	return pidx > si->serv->sv_nrpools ? NULL
>  		: &si->serv->sv_pools[pidx - 1];
>  }
> @@ -1408,7 +1409,8 @@ static void svc_pool_stats_stop(struct seq_file *m, void *p)
>  {
>  	struct svc_info *si = m->private;
>  
> -	mutex_unlock(si->mutex);
> +	if (si->serv)
> +		mutex_unlock(si->mutex);
>  }
>  
>  static int svc_pool_stats_show(struct seq_file *m, void *p)
> 






[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux