From nobody Wed Nov 22 00:14:08 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SZhYr6wR4z51MwC;
	Wed, 22 Nov 2023 00:14:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4SZhYr67JVz4Z8r;
	Wed, 22 Nov 2023 00:14:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1700612048;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=1iQZgh13K5UH7CTBGoLunDY0tbp/cjKJ7ORhgWbaYfI=;
	b=PNASlu840WI2s0t3pqN2UVKYL5cQIYie7AM7vg1Cr4Ey52uswwXrSVshT8DBgBhj+VGY3t
	n2cwYtHzphto7ph64B5W8/JpvqXMgXum2WyRSXDpxfBGuWOg/P6tccpUh4+e9P99KQM7kq
	xbgm1vqglpD5iEUXddh2bTEioIlayxBJASuDwl/JFM3SAKGculImyW7YC+YleqW7ep8j7O
	OixhPK9G6d6l4VN5km39HZpvUKiMU5Q0x/NH0nkm3iPIq3zbk9sxABHRlP6VIHF9QaiNvu
	3XERh9BNO+dOmt6mYMWnRgTK6gnR6fx/q5HeXKIoDaplaQ2+7RUklzRRx1XNWw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1700612048;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=1iQZgh13K5UH7CTBGoLunDY0tbp/cjKJ7ORhgWbaYfI=;
	b=jkptW69mfbaKZDAGq/KL7O2+/pIzvf/yQDapUtQbWxXT3tnsI2MzUJ/aCEy23jIB9fqtBm
	CO+Yfs3LbGz7ViccUYAzhtvVY1+irv5UajcLZH0zQt1KtPiPtvhd8UtTRK8y6yRfa8Qyi4
	ZHlm606KtoL9jnY/sdN7V8XEfjrux/JBc0QyKTLE7qp46VUqWATTIO2tWYRlxAzKONYTNC
	IDH/RL6zzVCy/I/RE0N6puRvGdcjBaGWxE+Hz48U+269PXo4rAJEJVfKocqbgvPwXRrvMC
	KgtaG27k1Vp/yedgQLFrRdCR5R6wwyn9fgRpVso1Jtq6GFrIaGeqcGxcAZ41ag==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1700612048; a=rsa-sha256; cv=none;
	b=U0WqH0gvQNGqk18J/1brSvwqGrphyxr2vRiHrtvv81tVQtZDVH7sPOdzbHE72Gfbuk3kud
	yiY3sK87Fve0UxgbrCEMYqh+7Q1NGk4R9qhpBFXpusPUqoDDykxs80EvtxmUxfFlNHnwQ8
	8kS9B14aCLsVMLteHVMlrQR6r1zZ9m3V0O2/dLKnu/mtXg3ss9MXjEWZ5gHot+sIvIs7s/
	2TKIos4uNirtT1gUZI9yfp9AVUNrMIbCrjnM7ctvTRPEg96DkVrUu7sRnu1qrDjel7RJcn
	w365CdlWLZ7ViuU0WCe1WcRRU9fG/RQ3eFaDnmvBpt50z9S7V2WADmjW+79fww==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SZhYr5Cv6zx1W;
	Wed, 22 Nov 2023 00:14:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3AM0E8Vv014347;
	Wed, 22 Nov 2023 00:14:08 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3AM0E89L014344;
	Wed, 22 Nov 2023 00:14:08 GMT
	(envelope-from git)
Date: Wed, 22 Nov 2023 00:14:08 GMT
Message-Id: <202311220014.3AM0E89L014344@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 2d8d914450da - stable/13 - nfscl: newnfs_copycred()
  cannot be called when a mutex is held
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 2d8d914450da1f9b79a7b51c0970445fcd9f648f
Auto-Submitted: auto-generated

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=2d8d914450da1f9b79a7b51c0970445fcd9f648f

commit 2d8d914450da1f9b79a7b51c0970445fcd9f648f
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-11-06 22:25:30 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-11-22 00:13:25 +0000

    nfscl: newnfs_copycred() cannot be called when a mutex is held
    
    Since newnfs_copycred() calls crsetgroups() which in turn calls
    crextend() which might do a malloc(M_WAITOK), newnfs_copycred()
    cannot be called with a mutex held.  Fortunately, the malloc()
    call is rarely done, since XU_GROUPS is 16 and the NFS client
    uses a maximum of 17 (only 17 groups will cause the malloc() to
    be called).  Further, it is only a problem if the malloc() tries
    to sleep().  As such, this bug does not seem to have caused
    problems in practice.
    
    This patch fixes the one place in the NFS client where
    newnfs_copycred() is called while a mutex is held by moving the
    call to after where the mutex is released.
    
    Found by inspection while working on an experimental patch.
    
    (cherry picked from commit 501bdf3001190686bf55d9d333cb533858c2cf2f)
---
 sys/fs/nfsclient/nfs_clstate.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/fs/nfsclient/nfs_clstate.c b/sys/fs/nfsclient/nfs_clstate.c
index 3d516a33934f..9ab0a29e9c5d 100644
--- a/sys/fs/nfsclient/nfs_clstate.c
+++ b/sys/fs/nfsclient/nfs_clstate.c
@@ -528,6 +528,7 @@ nfscl_getstateid(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t mode,
 	struct nfscldeleg *dp;
 	struct nfsnode *np;
 	struct nfsmount *nmp;
+	struct nfscred ncr;
 	u_int8_t own[NFSV4CL_LOCKNAMELEN], lockown[NFSV4CL_LOCKNAMELEN];
 	int error;
 	bool done;
@@ -685,7 +686,7 @@ nfscl_getstateid(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t mode,
 		 * A read ahead or write behind is indicated by p == NULL.
 		 */
 		if (p == NULL)
-			newnfs_copycred(&op->nfso_cred, cred);
+			memcpy(&ncr, &op->nfso_cred, sizeof(ncr));
 	}
 
 	/*
@@ -699,6 +700,8 @@ nfscl_getstateid(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t mode,
 	stateidp->other[1] = op->nfso_stateid.other[1];
 	stateidp->other[2] = op->nfso_stateid.other[2];
 	NFSUNLOCKCLSTATE();
+	if (p == NULL)
+		newnfs_copycred(&ncr, cred);
 	return (0);
 }