From: Trond Myklebust
To: "torvalds@linux-foundation.org", "linux-kernel@vger.kernel.org", "bfields@fieldses.org", "linux-nfs@vger.kernel.org", "schumaker.anna@gmail.com", "davej@codemonkey.org.uk", "linux-fsdevel@vger.kernel.org"
Subject: Re: [GIT PULL] Please pull NFS client changes for Linux 4.13
Date: Sun, 16 Jul 2017 22:57:27 +0000
Message-ID: <1500245845.13893.3.camel@primarydata.com>
References: <20170714142543.k5xcbnb4mww3sxpy@codemonkey.org.uk> <20170716211530.sx7mn35f2mhmykug@codemonkey.org.uk>
In-Reply-To: <20170716211530.sx7mn35f2mhmykug@codemonkey.org.uk>

Hi Dave,

On Sun, 2017-07-16 at 17:15 -0400, Dave Jones wrote:
> On Fri, Jul 14, 2017 at 10:25:43AM -0400, Dave Jones wrote:
> > On Thu, Jul 13, 2017 at 05:16:24PM -0400, Anna Schumaker wrote:
> > > Hi Linus,
> > >
> > > The following changes since commit 32c1431eea4881a6b17bd7c639315010aeefa452:
> > >
> > >   Linux 4.12-rc5 (2017-06-11 16:48:20 -0700)
> > >
> > > are available in the git repository at:
> > >
> > >   git://git.linux-nfs.org/projects/anna/linux-nfs.git tags/nfs-for-4.13-1
> > >
> > > for you to fetch changes up to b4f937cffa66b3d56eb8f586e620d0b223a281a3:
> > >
> > >   NFS: Don't run wake_up_bit() when nobody is waiting... (2017-07-13 16:57:18 -0400)
> >
> > Since this landed, I'm seeing this during boot..
> >
> > ==================================================================
> > BUG: KASAN: global-out-of-bounds in strscpy+0x4a/0x230
> > Read of size 8 at addr ffffffffb4eeaf20 by task nfsd/688
>
> Now that this one got fixed, this one fell out instead..
> Will dig deeper tomorrow.
>
> ==================================================================
> BUG: KASAN: global-out-of-bounds in call_start+0x93/0x100
> Read of size 8 at addr ffffffff8d582588 by task kworker/0:1/22
>
> CPU: 0 PID: 22 Comm: kworker/0:1 Not tainted 4.13.0-rc1-firewall+ #1
> Workqueue: rpciod rpc_async_schedule
> Call Trace:
>  dump_stack+0x68/0x94
>  print_address_description+0x2c/0x270
>  ? call_start+0x93/0x100
>  kasan_report+0x239/0x350
>  __asan_load8+0x55/0x90
>  call_start+0x93/0x100
>  ? rpc_default_callback+0x10/0x10
>  ? rpc_default_callback+0x10/0x10
>  __rpc_execute+0x170/0x740
>  ? rpc_wake_up_queued_task+0x50/0x50
>  ? __lock_is_held+0x9f/0x110
>  rpc_async_schedule+0x12/0x20
>  process_one_work+0x4ba/0xb10
>  ? process_one_work+0x401/0xb10
>  ? pwq_dec_nr_in_flight+0x120/0x120
>  worker_thread+0x91/0x670
>  ? __sched_text_start+0x8/0x8
>  kthread+0x1ab/0x200
>  ? process_one_work+0xb10/0xb10
>  ? __kthread_create_on_node+0x340/0x340
>  ret_from_fork+0x27/0x40
>
> The buggy address belongs to the variable:
>  nfs_cb_version+0x8/0x740

Does the following patch fix it?

Cheers
  Trond

8<--------------------------------------
>From b9230cdfbbee90178a1318d20cd3373ffb758788 Mon Sep 17 00:00:00 2001
From: Trond Myklebust
Date: Sun, 16 Jul 2017 18:52:18 -0400
Subject: [PATCH] nfsd: Fix a memory scribble in the callback channel

The offset of the entry in struct rpc_version has to match the version
number.

Reported-by: Dave Jones
Fixes: 1c5876ddbdb4 ("sunrpc: move p_count out of struct rpc_procinfo")
Signed-off-by: Trond Myklebust
---
 fs/nfsd/nfs4callback.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c index b45083c0f9ae..49b0a9e7ff18 100644 --- a/fs/nfsd/nfs4callback.c +++ b/fs/nfsd/nfs4callback.c @@ -720,8 +720,8 @@ static const struct rpc_version nfs_cb_version4 = { .counts = nfs4_cb_counts, }; -static const struct rpc_version *nfs_cb_version[] = { - &nfs_cb_version4, +static const struct rpc_version *nfs_cb_version[2] = { + [1] = &nfs_cb_version4, }; static const struct rpc_program cb_program; @@ -795,7 +795,7 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c .saddress = (struct sockaddr *) &conn->cb_saddr, .timeout = &timeparms, .program = &cb_program, - .version = 0, + .version = 1, .flags = (RPC_CLNT_CREATE_NOPING | RPC_CLNT_CREATE_QUIET), }; struct rpc_clnt *client;
--
2.13.3

--
Trond Myklebust
Linux NFS client maintainer, PrimaryData
trond.myklebust@primarydata.com
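
Review bot: In the first hunk (@@ -720,8 +720,8 @@), the explicit size in `nfs_cb_version[2]` repeats what the designated initializer `[1] = &nfs_cb_version4` already determines, and nothing in the code says why slot 0 is deliberately left NULL. I would drop the `2` or derive it from a named constant, and add a one-line comment that the array index must equal the RPC version number, as the commit message states, so that a later edit to this table does not bring back the out-of-bounds read KASAN reported at nfs_cb_version+0x8.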
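
Review bot: In the second hunk (@@ -795,7 +795,7 @@), `.version = 1` in setup_callback_client() is a bare literal that has to stay in step with the `[1] =` index in nfs_cb_version, about 75 lines away. A named constant shared by both places would make that coupling explicit. Since slot 0 of the table is now NULL, it is also worth confirming that no other caller still creates this client with version 0. Minor: the subject says "memory scribble" while the report in this thread is an out-of-bounds read; saying so in the commit message would make the fix easier to find later.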
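
The rule from the commit message above (the slot index has to equal the version number), modelled in user space as an added example; it is not code from the patch or from the kernel, and `demo_version`, `demo_program` and `demo_lookup` are hypothetical names. It shows why a one-slot table cannot serve version 1 and how a checked lookup rejects that request instead of reading past the array.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; not the kernel's structures. */
struct demo_version {
	unsigned int number;            /* protocol version number */
	const char *name;
};

struct demo_program {
	unsigned int nrvers;            /* number of slots in version[] */
	const struct demo_version *const *version;
};

#define DEMO_ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

static const struct demo_version demo_cb_v1 = { .number = 1, .name = "cb-v1" };

/* Pre-patch shape: one slot, so the version-1 entry sits at index 0. */
static const struct demo_version *const table_before[] = { &demo_cb_v1 };
/* Post-patch shape: slot index equals version number, slot 0 stays NULL. */
static const struct demo_version *const table_after[] = { [1] = &demo_cb_v1 };

static const struct demo_program prog_before = {
	DEMO_ARRAY_SIZE(table_before), table_before };
static const struct demo_program prog_after = {
	DEMO_ARRAY_SIZE(table_after), table_after };

/* Checked lookup: refuses an index past the table, an empty slot, and a
 * slot whose entry claims a different version number than its index. */
static const struct demo_version *
demo_lookup(const struct demo_program *p, unsigned int vers)
{
	if (vers >= p->nrvers || p->version[vers] == NULL)
		return NULL;
	return p->version[vers]->number == vers ? p->version[vers] : NULL;
}

int main(void)
{
	/* Unchecked, table_before[1] would read one pointer past a 1-slot array. */
	printf("before, v1: %s\n", demo_lookup(&prog_before, 1) ? "found" : "rejected");
	printf("before, v0: %s\n", demo_lookup(&prog_before, 0) ? "found" : "rejected");
	printf("after,  v1: %s\n", demo_lookup(&prog_after, 1) ? "found" : "rejected");
	printf("after,  v0: %s\n", demo_lookup(&prog_after, 0) ? "found" : "rejected");
	return 0;
}
```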