Received: by 10.223.176.5 with SMTP id f5csp3363121wra;
        Mon, 29 Jan 2018 12:11:38 -0800 (PST)
X-Google-Smtp-Source: AH8x224eGtkkCE8YhLSomTD/Jq7DKlhsqrqo/fiKEOQEPmKg/vlF9eMIE08B3bKdQBcusr0iRJOl
X-Received: by 2002:a17:902:6ac4:: with SMTP id i4-v6mr23332965plt.304.1517256698601;
        Mon, 29 Jan 2018 12:11:38 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517256698; cv=none;
        d=google.com; s=arc-20160816;
        b=a8r4lT+mwUGUTBF/+im9/PSA1E8hzsWy2RiwogAquZcfsyv33B/W+HbMynWBMHAgXw
         IktAjQUbYg9HXPKWFeULYfVAYuWi4K7USjOCqIAamMeB0rw3K4uitx/Qj1h8U08O3y+v
         uCtpO4dYibKTAphs8NocuQDOeI1Ry9VPRkFh/AugTwy0CyJZh1U0Hx9SkpxUHD0cDx5D
         IWOzO3sb+xas+0EB2m33UuKpRc8Sx8lVrg7nfdmHcfrKogSfJjPJ7YmHVPeIfcg4u4tt
         /Xn+KzaufiyG0Sk58NIVVDjLLeiLc1YNuIeQHI0Ywvtjul+lpv92ImwNSrQ+/hwxQJl6
         SSKw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=gW7sb4JAkMkn4+UenwF+EXU2JCoWVAj1q84Y2/upTTY=;
        b=yH5Uy0vGUjySVgp5Rqu+F7uSu+UA3eLUApIrNHyyFoMAu8tIrJJD3IF22+K7yrGBhH
         GW6MPuHydPwTEPpmakHKoF3XytYAk2L0btQfAFtVPTAzGqrbct5dqNYHBANH0h8I7Qch
         x8IyN4/V7BqWpcaqLsnXRyypEW8zc2uNWUxepA6loaMLh/kz+sE9EiGsazNDMHphwaKd
         8aoSZf4/JLuKcz31RaE0catJnsQHZj5gAiTGSaBiipN/LSlVmL2gc5lbM2siumwezllQ
         +Y3a3fJtX2nhM1R7UTJ0JakBnO4nXfxvW2YgG3RB3sKuB+uJ7tkY736KRY+AksAocmeM
         6b7g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h187si11443pgc.531.2018.01.29.12.11.24;
        Mon, 29 Jan 2018 12:11:38 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753618AbeA2ULB (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Mon, 29 Jan 2018 15:11:01 -0500
Received: from mail.linuxfoundation.org ([140.211.169.12]:58590 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753568AbeA2UK7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Jan 2018 15:10:59 -0500
Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id CD6A02F84;
        Mon, 29 Jan 2018 13:05:24 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Martin Brandenburg <martin@omnibond.com>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.9 03/66] orangefs: initialize op on loop restart in orangefs_devreq_read
Date:   Mon, 29 Jan 2018 13:56:27 +0100
Message-Id: <20180129123840.031212635@linuxfoundation.org>
X-Mailer: git-send-email 2.16.1
In-Reply-To: <20180129123839.842860149@linuxfoundation.org>
References: <20180129123839.842860149@linuxfoundation.org>
User-Agent: quilt/0.65
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Martin Brandenburg <martin@omnibond.com>

commit a0ec1ded22e6a6bc41981fae22406835b006a66e upstream.

In orangefs_devreq_read, there is a loop which picks an op off the list
of pending ops.  If the loop fails to find an op, there is nothing to
read, and it returns EAGAIN.  If the op has been given up on, the loop
is restarted via a goto.  The bug is that the variable which the found
op is written to is not reinitialized, so if there are no more eligible
ops on the list, the code runs again on the already handled op.

This is triggered by interrupting a process while the op is being copied
to the client-core.  It's a fairly small window, but it's there.

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/orangefs/devorangefs-req.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/orangefs/devorangefs-req.c
+++ b/fs/orangefs/devorangefs-req.c
@@ -161,7 +161,7 @@ static ssize_t orangefs_devreq_read(stru
 	struct orangefs_kernel_op_s *op, *temp;
 	__s32 proto_ver = ORANGEFS_KERNEL_PROTO_VERSION;
 	static __s32 magic = ORANGEFS_DEVREQ_MAGIC;
-	struct orangefs_kernel_op_s *cur_op = NULL;
+	struct orangefs_kernel_op_s *cur_op;
 	unsigned long ret;
 
 	/* We do not support blocking IO. */
@@ -181,6 +181,7 @@ static ssize_t orangefs_devreq_read(stru
 	}
 
 restart:
+	cur_op = NULL;
 	/* Get next op (if any) from top of list. */
 	spin_lock(&orangefs_request_list_lock);
 	list_for_each_entry_safe(op, temp, &orangefs_request_list, list) {