From nobody Wed Nov 22 00:10:39 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SZhTq5yXrz51MNn;
	Wed, 22 Nov 2023 00:10:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4SZhTq5Y81z4YlF;
	Wed, 22 Nov 2023 00:10:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1700611839;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=A4J2a4cAyIFWjbY3z4GXMWikaLkw6vStZJ0YBdWYA1A=;
	b=qyGoT3gPczVr8hiYUJrGws10Ohkd0j3jbtnO3pHy7ESE6UVrUfKZ4dU3pGBuV1Qucykp7t
	epNNBm1VuGJOBL6M8wFgztOsJjc9wvoLNcNJlGBT0Bibolue9nayDabLkLxD+pFOcfQ9ig
	9DaGiak0nT+zIrBgDYOj57HPtpi9KhytQ7tYVQ6ywVvWcQoG9Ggdovhs8XZrd/MGe+mnW/
	/NloVYRUgVJeFzeXN+dIzB92jz2IDKZz01DsbzsZT04GoALjS05W2KzMtFLfscdcjFN/o9
	XB1WT0VTi/ScI7kCsPTOFH+ZbliAzMnElD5HdgKFJkfZj0iqrRgBlXEE7c5w2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1700611839;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=A4J2a4cAyIFWjbY3z4GXMWikaLkw6vStZJ0YBdWYA1A=;
	b=GKil6x351Wb3gWkbPnUiMJIK2vaT4yG8URomiAV/DUeqcm1Je29UiDxA3840C5XmEfciSh
	nIC4bjiYsd7y7XiM4NGVYG+GyQZ2ZtOOqMThUWp+u56bMl3YCQ4Z2FBHpEaC6ijiV3WOHs
	Y7o12OZqGpDG0tNqpg3C9ce43tbxk3vRcI7lZ+f3ZIkF1I0vdeV5IXTBQgouY+CtIPT0Ju
	2UX6dg0d8arn5eLf1E8zTj/c0LD+d1pJlWm/4rmjCvkoJwZxVodb9XK1dkNyOguOhN/1i6
	aAyIkXrkcMBYAL/TCCQ233+sjOsG4vbAmq4wUcYJcxvj5RWMt8tpUi16HNyysA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1700611839; a=rsa-sha256; cv=none;
	b=sRkaCM/SyZkKXkRMy9gW31P4p8RGz16bAMOCWpe/3zDnfbF7RiqPBD14Y3Eh4/sCdNdYEs
	kPSijmV5WCCxlt5+JaBJIkPHB38H3kj6X6WOcb5IAhDjyoDENhoGVYP98mDKmrmKfmsFxI
	rqOxb5shDZFT3VJYhX3XAhhnMuSvYJ8mvIgkxTRcjv//6HatxSr9Ag8x8hrC4wS22pRNcq
	AD321+Veg+qJXnz8rqdR1+txziysrZIoKiSGQEaiqNRXIT6Yt7koI/9B9/nQX5hoTAPVyv
	9a48ziVR0QU5g2MNg9zgVkALu6gUKSeBywO6n/0U62sJYFF3AFOVJLoAXJKLPA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SZhTq4d5qzwWb;
	Wed, 22 Nov 2023 00:10:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3AM0Ads0007553;
	Wed, 22 Nov 2023 00:10:39 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3AM0Ad9J007549;
	Wed, 22 Nov 2023 00:10:39 GMT
	(envelope-from git)
Date: Wed, 22 Nov 2023 00:10:39 GMT
Message-Id: <202311220010.3AM0Ad9J007549@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 64d119ab5a36 - stable/14 - nfscl: newnfs_copycred()
  cannot be called when a mutex is held
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 64d119ab5a3600c45daf68a0eade19a5432e7563
Auto-Submitted: auto-generated

The branch stable/14 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=64d119ab5a3600c45daf68a0eade19a5432e7563

commit 64d119ab5a3600c45daf68a0eade19a5432e7563
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-11-06 22:25:30 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-11-22 00:09:13 +0000

    nfscl: newnfs_copycred() cannot be called when a mutex is held
    
    Since newnfs_copycred() calls crsetgroups() which in turn calls
    crextend() which might do a malloc(M_WAITOK), newnfs_copycred()
    cannot be called with a mutex held.  Fortunately, the malloc()
    call is rarely done, since XU_GROUPS is 16 and the NFS client
    uses a maximum of 17 (only 17 groups will cause the malloc() to
    be called).  Further, it is only a problem if the malloc() tries
    to sleep().  As such, this bug does not seem to have caused
    problems in practice.
    
    This patch fixes the one place in the NFS client where
    newnfs_copycred() is called while a mutex is held by moving the
    call to after where the mutex is released.
    
    Found by inspection while working on an experimental patch.
    
    (cherry picked from commit 501bdf3001190686bf55d9d333cb533858c2cf2f)
---
 sys/fs/nfsclient/nfs_clstate.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/fs/nfsclient/nfs_clstate.c b/sys/fs/nfsclient/nfs_clstate.c
index 579210941802..ebc11efea637 100644
--- a/sys/fs/nfsclient/nfs_clstate.c
+++ b/sys/fs/nfsclient/nfs_clstate.c
@@ -526,6 +526,7 @@ nfscl_getstateid(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t mode,
 	struct nfscldeleg *dp;
 	struct nfsnode *np;
 	struct nfsmount *nmp;
+	struct nfscred ncr;
 	u_int8_t own[NFSV4CL_LOCKNAMELEN], lockown[NFSV4CL_LOCKNAMELEN];
 	int error;
 	bool done;
@@ -683,7 +684,7 @@ nfscl_getstateid(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t mode,
 		 * A read ahead or write behind is indicated by p == NULL.
 		 */
 		if (p == NULL)
-			newnfs_copycred(&op->nfso_cred, cred);
+			memcpy(&ncr, &op->nfso_cred, sizeof(ncr));
 	}
 
 	/*
@@ -697,6 +698,8 @@ nfscl_getstateid(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t mode,
 	stateidp->other[1] = op->nfso_stateid.other[1];
 	stateidp->other[2] = op->nfso_stateid.other[2];
 	NFSUNLOCKCLSTATE();
+	if (p == NULL)
+		newnfs_copycred(&ncr, cred);
 	return (0);
 }