From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Dave Wysochanski, Anna Schumaker, Sasha Levin
Subject: [PATCH 5.4 032/214] NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source
Date: Tue, 3 Nov 2020 21:34:40 +0100
Message-Id: <20201103203253.102109463@linuxfoundation.org>
In-Reply-To: <20201103203249.448706377@linuxfoundation.org>
References: <20201103203249.448706377@linuxfoundation.org>

From: Dave Wysochanski

[ Upstream commit d8a6ad913c286d4763ae20b14c02fe6f39d7cd9f ]

The following oops is seen during xfstest/565 when the 'test'
(source of the copy) is NFS4.0 and 'scratch' (destination) is NFS4.2

[ 59.692458] run fstests generic/565 at 2020-08-01 05:50:35
[ 60.613588] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 60.624970] #PF: supervisor read access in kernel mode
[ 60.627671] #PF: error_code(0x0000) - not-present page
[ 60.630347] PGD 0 P4D 0
[ 60.631853] Oops: 0000 [#1] SMP PTI
[ 60.634086] CPU: 6 PID: 2828 Comm: xfs_io Kdump: loaded Not tainted 5.8.0-rc3 #1
[ 60.637676] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 60.639901] RIP: 0010:nfs4_check_serverowner_major_id+0x5/0x30 [nfsv4]
[ 60.642719] Code: 89 ff e8 3e b3 b8 e1 e9 71 fe ff ff 41 bc da d8 ff ff e9 c3 fe ff ff e8 e9 9d 08 e2 66 0f 1f 84 00 00 00 00 00 66 66 66 66 90 <8b> 57 08 31 c0 3b 56 08 75 12 48 83 c6 0c 48 83 c7 0c e8 c4 97 bb
[ 60.652629] RSP: 0018:ffffc265417f7e10 EFLAGS: 00010287
[ 60.655379] RAX: ffffa0664b066400 RBX: 0000000000000000 RCX: 0000000000000001
[ 60.658754] RDX: ffffa066725fb000 RSI: ffffa066725fd000 RDI: 0000000000000000
[ 60.662292] RBP: 0000000000020000 R08: 0000000000020000 R09: 0000000000000000
[ 60.666189] R10: 0000000000000003 R11: 0000000000000000 R12: ffffa06648258d00
[ 60.669914] R13: 0000000000000000 R14: 0000000000000000 R15: ffffa06648258100
[ 60.673645] FS: 00007faa9fb35800(0000) GS:ffffa06677d80000(0000) knlGS:0000000000000000
[ 60.677698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.680773] CR2: 0000000000000008 CR3: 0000000203f14000 CR4: 00000000000406e0
[ 60.684476] Call Trace:
[ 60.685809] nfs4_copy_file_range+0xfc/0x230 [nfsv4]
[ 60.688704] vfs_copy_file_range+0x2ee/0x310
[ 60.691104] __x64_sys_copy_file_range+0xd6/0x210
[ 60.693527] do_syscall_64+0x4d/0x90
[ 60.695512] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.698006] RIP: 0033:0x7faa9febc1bd

Signed-off-by: Dave Wysochanski
Signed-off-by: Anna Schumaker Signed-off-by: Sasha Levin --- fs/nfs/nfs4file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/nfs/nfs4file.c b/fs/nfs/nfs4file.c index 534b6fd70ffdb..6b31cb5f9c9db 100644 --- a/fs/nfs/nfs4file.c +++ b/fs/nfs/nfs4file.c @@ -138,7 +138,8 @@ static ssize_t __nfs4_copy_file_range(struct file *file_in, loff_t pos_in, /* Only offload copy if superblock is the same */ if (file_inode(file_in)->i_sb != file_inode(file_out)->i_sb) return -EXDEV; - if (!nfs_server_capable(file_inode(file_out), NFS_CAP_COPY)) + if (!nfs_server_capable(file_inode(file_out), NFS_CAP_COPY) || + !nfs_server_capable(file_inode(file_in), NFS_CAP_COPY)) return -EOPNOTSUPP; if (file_inode(file_in) == file_inode(file_out)) return -EOPNOTSUPP; -- 2.27.0
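
Review bot: In the __nfs4_copy_file_range hunk, the new file_in NFS_CAP_COPY test looks unreachable as a distinct case in this tree, because the context line just above it already returns -EXDEV whenever file_in and file_out sit on different superblocks. The quoted oops is from 5.8.0-rc3 with an NFS4.0 source and an NFS4.2 destination, which are two different mounts; please confirm that this combination can get past the i_sb check in 5.4, or state in the changelog that the backport is carried only as hardening. The commit message would also benefit from one sentence naming the root cause: the trace shows RDI = 0 and CR2 = 0x8 inside nfs4_check_serverowner_major_id, but the text never says which pointer is NULL for an NFS4.0 source, so a reader cannot tell from the message why checking the source's capability is the right fix.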