Date: Mon, 23 Mar 2020 11:09:11 -0400
From: "J. Bruce Fields"
To: Chuck Lever
Cc: Vasily Averin, Jeff Layton, Linux NFS Mailing List
Subject: Re: [PATCH] nfsd: memory corruption in nfsd4_lock()
Message-ID: <20200323150911.GA64741@pick.fieldses.org>
In-Reply-To: <5B820E18-763C-4562-9F50-56A0F1894406@oracle.com>

On Mon, Mar 23, 2020 at 09:50:34AM -0400, Chuck Lever wrote:
>
> > On Mar 23, 2020, at 3:55 AM, Vasily Averin wrote:
> >
> > New struct nfsd4_blocked_lock allocated in find_or_allocate_block()
> > does not initialise nbl_list and nbl_lru.
> > If conflock allocation fails, rollback can call list_del_init(),
> > access uninitialized fields and corrupt memory.
> >
> > Fixes: 76d348fadff5 ("nfsd: have nfsd4_lock use blocking locks for v4.1+ lock")
> > Signed-off-by: Vasily Averin
> > --- > > fs/nfsd/nfs4state.c | 32 +++++++++++++++----------------- > > 1 file changed, 15 insertions(+), 17 deletions(-) > > > > diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c > > index 369e574c5092..176ef8d24fae 100644 > > --- a/fs/nfsd/nfs4state.c > > +++ b/fs/nfsd/nfs4state.c
> > @@ -6524,6 +6524,13 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, > > goto out; > > } > > > > + conflock = locks_alloc_lock(); > > + if (!conflock) { > > + dprintk("NFSD: %s: unable to allocate lock!\n", __func__); > > + status = nfserr_jukebox; > > + goto out; > > + }
>
> Nit: What do people think about removing this dprintk() as part of the fix?

I don't think we want a dprintk every place we kmalloc. All for removing them.

--b.
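
Review bot: The added block in the nfsd4_lock() hunk does not itself initialise nbl_list or nbl_lru, which the commit message names as the root cause, so as far as the quoted hunk shows a freshly allocated nfsd4_blocked_lock still carries uninitialised list heads and any other error path that reaches list_del_init() on it would hit the same corruption. Consider calling INIT_LIST_HEAD() on both fields where find_or_allocate_block() allocates the structure, which makes the rollback safe regardless of the order in which conflock is allocated. The dprintk("NFSD: %s: unable to allocate lock!\n", __func__) line in the same block can be dropped, since status = nfserr_jukebox already carries the failure to the caller.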