linux-hardened/net/sunrpc
Jeff Layton b3ecba0967 sunrpc: fix sleeping under rcu_read_lock in gss_stringify_acceptor
Bruce reported that he was seeing the following BUG pop:

    BUG: sleeping function called from invalid context at mm/slab.c:2846
    in_atomic(): 0, irqs_disabled(): 0, pid: 4539, name: mount.nfs
    2 locks held by mount.nfs/4539:
    #0:  (nfs_clid_init_mutex){+.+.+.}, at: [<ffffffffa01c0a9a>] nfs4_discover_server_trunking+0x4a/0x2f0 [nfsv4]
    #1:  (rcu_read_lock){......}, at: [<ffffffffa00e3185>] gss_stringify_acceptor+0x5/0xb0 [auth_rpcgss]
    Preemption disabled at:[<ffffffff81a4f082>] printk+0x4d/0x4f

    CPU: 3 PID: 4539 Comm: mount.nfs Not tainted 3.18.0-rc1-00013-g5b095e9 #3393
    Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
    ffff880021499390 ffff8800381476a8 ffffffff81a534cf 0000000000000001
    0000000000000000 ffff8800381476c8 ffffffff81097854 00000000000000d0
    0000000000000018 ffff880038147718 ffffffff8118e4f3 0000000020479f00
    Call Trace:
    [<ffffffff81a534cf>] dump_stack+0x4f/0x7c
    [<ffffffff81097854>] __might_sleep+0x114/0x180
    [<ffffffff8118e4f3>] __kmalloc+0x1a3/0x280
    [<ffffffffa00e31d8>] gss_stringify_acceptor+0x58/0xb0 [auth_rpcgss]
    [<ffffffffa00e3185>] ? gss_stringify_acceptor+0x5/0xb0 [auth_rpcgss]
    [<ffffffffa006b438>] rpcauth_stringify_acceptor+0x18/0x30 [sunrpc]
    [<ffffffffa01b0469>] nfs4_proc_setclientid+0x199/0x380 [nfsv4]
    [<ffffffffa01b04d0>] ? nfs4_proc_setclientid+0x200/0x380 [nfsv4]
    [<ffffffffa01bdf1a>] nfs40_discover_server_trunking+0xda/0x150 [nfsv4]
    [<ffffffffa01bde45>] ? nfs40_discover_server_trunking+0x5/0x150 [nfsv4]
    [<ffffffffa01c0acf>] nfs4_discover_server_trunking+0x7f/0x2f0 [nfsv4]
    [<ffffffffa01c8e24>] nfs4_init_client+0x104/0x2f0 [nfsv4]
    [<ffffffffa01539b4>] nfs_get_client+0x314/0x3f0 [nfs]
    [<ffffffffa0153780>] ? nfs_get_client+0xe0/0x3f0 [nfs]
    [<ffffffffa01c83aa>] nfs4_set_client+0x8a/0x110 [nfsv4]
    [<ffffffffa0069708>] ? __rpc_init_priority_wait_queue+0xa8/0xf0 [sunrpc]
    [<ffffffffa01c9b2f>] nfs4_create_server+0x12f/0x390 [nfsv4]
    [<ffffffffa01c1472>] nfs4_remote_mount+0x32/0x60 [nfsv4]
    [<ffffffff81196489>] mount_fs+0x39/0x1b0
    [<ffffffff81166145>] ? __alloc_percpu+0x15/0x20
    [<ffffffff811b276b>] vfs_kern_mount+0x6b/0x150
    [<ffffffffa01c1396>] nfs_do_root_mount+0x86/0xc0 [nfsv4]
    [<ffffffffa01c1784>] nfs4_try_mount+0x44/0xc0 [nfsv4]
    [<ffffffffa01549b7>] ? get_nfs_version+0x27/0x90 [nfs]
    [<ffffffffa0161a2d>] nfs_fs_mount+0x47d/0xd60 [nfs]
    [<ffffffff81a59c5e>] ? mutex_unlock+0xe/0x10
    [<ffffffffa01606a0>] ? nfs_remount+0x430/0x430 [nfs]
    [<ffffffffa01609c0>] ? nfs_clone_super+0x140/0x140 [nfs]
    [<ffffffff81196489>] mount_fs+0x39/0x1b0
    [<ffffffff81166145>] ? __alloc_percpu+0x15/0x20
    [<ffffffff811b276b>] vfs_kern_mount+0x6b/0x150
    [<ffffffff811b5830>] do_mount+0x210/0xbe0
    [<ffffffff811b54ca>] ? copy_mount_options+0x3a/0x160
    [<ffffffff811b651f>] SyS_mount+0x6f/0xb0
    [<ffffffff81a5c852>] system_call_fastpath+0x12/0x17

Sleeping under the rcu_read_lock is bad. This patch fixes it by dropping
the rcu_read_lock before doing the allocation and then reacquiring it
and redoing the dereference before doing the copy. If we find that the
string has somehow grown in the meantime, we'll reallocate and try again.

Cc: <stable@vger.kernel.org> # v3.17+
Reported-by: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2014-11-13 13:15:49 -05:00
..
auth_gss sunrpc: fix sleeping under rcu_read_lock in gss_stringify_acceptor 2014-11-13 13:15:49 -05:00
xprtrdma Merge branch 'for-3.18' of git://linux-nfs.org/~bfields/linux 2014-10-08 12:51:44 -04:00
addr.c replace strict_strto calls 2014-07-12 18:45:49 -04:00
auth.c SUNRPC: remove all refcounting of groupinfo from rpcauth_lookupcred 2014-08-04 09:22:08 -04:00
auth_generic.c sunrpc/auth: allow lockless (rcu) lookup of credential cache. 2014-08-03 17:14:12 -04:00
auth_null.c sunrpc/auth: allow lockless (rcu) lookup of credential cache. 2014-08-03 17:14:12 -04:00
auth_unix.c SUNRPC refactor rpcauth_checkverf error returns 2013-09-03 15:25:09 -04:00
backchannel_rqst.c arch: Mass conversion of smp_mb__*() 2014-04-18 14:20:48 +02:00
bc_svc.c SUNRPC: remove BUG_ON from bc_send 2012-11-04 14:43:41 -05:00
cache.c SUNRPC: Fix printk that is not only for nfsd 2014-05-08 14:59:51 -04:00
clnt.c Merge branch 'bugfixes' into linux-next 2014-09-30 17:21:41 -04:00
Kconfig xprtrdma: add separate Kconfig options for NFSoRDMA client and server support 2014-03-28 18:02:12 -04:00
Makefile xprtrdma: add separate Kconfig options for NFSoRDMA client and server support 2014-03-28 18:02:12 -04:00
netns.h Merge branch 'for-3.14' of git://linux-nfs.org/~bfields/linux 2014-01-30 10:18:43 -08:00
rpc_pipe.c rpc_pipe: Drop memory allocation cast 2014-07-12 18:43:44 -04:00
rpcb_clnt.c SUNRPC: If the rpcbind channel is disconnected, fail the call to unregister 2013-08-07 17:07:18 -04:00
sched.c NFS/SUNRPC: Remove other deadlock-avoidance mechanisms in nfs_release_page() 2014-09-25 08:25:47 -04:00
socklib.c net: Save software checksum complete 2014-06-11 15:46:13 -07:00
stats.c SUNRPC: Deprecate rpc_client->cl_protname 2013-08-30 09:19:34 -04:00
sunrpc.h SUNRPC: track whether a request is coming from a loop-back interface. 2014-05-22 15:59:18 -04:00
sunrpc_syms.c sunrpc: create a new dummy pipe for gssd to hold open 2013-12-06 13:06:30 -05:00
svc.c SUNRPC: get rid of the request wait queue 2014-08-17 12:00:11 -04:00
svc_xprt.c SUNRPC: Fix compile on non-x86 2014-08-28 15:51:35 -04:00
svcauth.c nfsd4: better reservation of head space for krb5 2014-05-30 17:32:17 -04:00
svcauth_unix.c svcrpc: fix failures to handle -1 uid's 2013-07-08 17:27:23 -04:00
svcsock.c sunrpc: fix byte-swapping of displayed XID 2014-08-28 16:00:07 -04:00
sysctl.c net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
timer.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
xdr.c SUNRPC: xdr_get_next_encode_buffer should be declared static 2014-07-18 11:35:46 -04:00
xprt.c NFS client updates for Linux 3.17 2014-08-13 18:13:19 -06:00
xprtsock.c NFS/SUNRPC: Remove other deadlock-avoidance mechanisms in nfs_release_page() 2014-09-25 08:25:47 -04:00