From nobody Tue May 3 14:23:59 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 6DFD11AC131F; Tue, 3 May 2022 14:23:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Kt2Jb2Z1tz3q8y; Tue, 3 May 2022 14:23:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1651587839; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YBFbbyDIR9FjMRo8JraGkVy55icZulwNgpPaQlTA5NA=; b=QynakfUh2EnH6V7ABuUJGxzI1WvNJXaA0jLaftZFBc3Bg0YL3RmYupT6JD34gUSZa1YRD1 HcPTh5GLOBEzgUmVPa8guKpRR65aMiDEtd/4EgyxDZ8odyzp6XNGKQnAAK5DF5Nwx3Z9jZ 6pW3wi/lar+SUTaF1IAVC5PbY8WFfG0jC6Fp69eoNnueQ9rtczkoGroEJP+jvJb4cn1YaW 6oOJoAngaGxw7Pq0dpc0JIxjHKP1VjkqhlVtJhYbHr2qeXpngqhxActmC9E3TgnibufmkN Oy5YZzlmjXLImwXjETjMZE2ZiRKWGEnTrtQUs9byfXiujaXwzZprtxzQzuikXQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 384451FBF3; Tue, 3 May 2022 14:23:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 243ENx5L005154; Tue, 3 May 2022 14:23:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 243ENxwd005153; Tue, 3 May 2022 14:23:59 GMT (envelope-from git) Date: Tue, 3 May 2022 14:23:59 GMT Message-Id: <202205031423.243ENxwd005153@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Rick Macklem Subject: git: 70910e4b55ca - main - nfscl: Acquire a refcount on "cred" for mirrored pNFS RPCs List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 70910e4b55ca976ca0ad4aa3e34252ba148a6126 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1651587839; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YBFbbyDIR9FjMRo8JraGkVy55icZulwNgpPaQlTA5NA=; b=Fq8kTwLL9OPbDW2o/XsfBEVqjSF7/yh0MDWnVhGh2Zx8LgRqn4fGRaBCYK9TOsHY7OWOpH VcES9531uI/gfvITu27K5Vjjc5WxKGCmRBdvbvpqEifygJWB/Z78gAbPQnOV3lNnasfXlu VwkbVC2/QDylJ9t8UaqKeUqiLr/dA5aFfZdBPUY1fYHxd6qAt+fqURHpeysCTlqS5cnZWN //GL0Ya7UPHobMvVH5XhczczlzsnaMxhLKkQWQk5CSpvaY3fRoZL9icP4L6Ksglgs8hnMd rC0R2/v6wm5t9V355Tc6yRcMTkyqYH1RFryNhFroYNsaQlzgEZaH39HZYe/L1g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1651587839; a=rsa-sha256; cv=none; b=CVbUZMmm/P/TlrRfis70o8P7WwFgshBCby/8Qn9lzO55BAiYakK1TM1yNUOqtAzeU6bZEd lXMTLWURAI5ZoFGqq+uoj3nD0M86Q4KBhB3lBMIsSpLORzcnrrA6BeYvp3gl0QtI+jB04K 2zoWtQxnA7POiCkEf7awAmy6IfdvJEjysWTwi99NoamtQF3l0nsIzENwtZafpabMCGgiVK TIalrZi0wNtMfv6rbVDcwKQEcqCGQZ+wvA2w7a48505KPK3ic7UREPj4nRGK4uFVeddMi3 Hg57X7MMUHc164DzHg+EgGQhPPdXVHQGv1lCL2ifpXXejUASLPXcv/Q1sRbCww== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=70910e4b55ca976ca0ad4aa3e34252ba148a6126 commit 70910e4b55ca976ca0ad4aa3e34252ba148a6126 Author: Rick Macklem AuthorDate: 2022-05-03 14:22:15 +0000 Commit: Rick Macklem CommitDate: 2022-05-03 14:22:15 +0000 nfscl: Acquire a refcount on "cred" for mirrored pNFS RPCs When the NFSv4.1/4.2 client is doing a pnfs mount to mirrored DS(s), asynchronous threads are used to do the RPCs against the DS(s) concurrently. If a DS is slow to reply, it is possible for the "cred" to be free'd before the asynchronous thread is done with it, causing a panic/crash. This patch fixes the problem by acquiring a refcount on the "cred" while it is being used by the asynchronous thread for a DS RPC. This bug was found during a recent IETF NFSv4 testing event. This bug only affects "pnfs" mounts to mirrored pNFS servers. MFC after: 2 weeks --- sys/fs/nfsclient/nfs_clrpcops.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c index 9d19114ab07c..83ce96107ecc 100644 --- a/sys/fs/nfsclient/nfs_clrpcops.c +++ b/sys/fs/nfsclient/nfs_clrpcops.c @@ -7010,6 +7010,7 @@ start_writedsmir(void *arg, int pending) drpc->fhp, drpc->m, drpc->vers, drpc->minorvers, drpc->cred, drpc->p); drpc->done = 1; + crfree(drpc->cred); NFSCL_DEBUG(4, "start_writedsmir: err=%d\n", drpc->err); } @@ -7037,7 +7038,7 @@ nfsio_writedsmir(vnode_t vp, int *iomode, int *must_commit, drpc->m = m; drpc->vers = vers; drpc->minorvers = minorvers; - drpc->cred = cred; + drpc->cred = crhold(cred); drpc->p = p; drpc->inprog = 0; ret = EIO; @@ -7045,9 +7046,11 @@ nfsio_writedsmir(vnode_t vp, int *iomode, int *must_commit, ret = nfs_pnfsio(start_writedsmir, drpc); NFSCL_DEBUG(4, "nfsio_writedsmir: nfs_pnfsio=%d\n", ret); } - if (ret != 0) + if (ret != 0) { error = nfsrpc_writedsmir(vp, iomode, &drpc->must_commit, stateidp, dsp, off, len, fhp, m, vers, minorvers, cred, p); + crfree(drpc->cred); + } NFSCL_DEBUG(4, "nfsio_writedsmir: error=%d\n", error); return (error); } @@ -7195,6 +7198,7 @@ start_commitds(void *arg, int pending) drpc->dsp, drpc->fhp, drpc->vers, drpc->minorvers, drpc->cred, drpc->p); drpc->done = 1; + crfree(drpc->cred); NFSCL_DEBUG(4, "start_commitds: err=%d\n", drpc->err); } @@ -7217,7 +7221,7 @@ nfsio_commitds(vnode_t vp, uint64_t offset, int cnt, struct nfsclds *dsp, drpc->fhp = fhp; drpc->vers = vers; drpc->minorvers = minorvers; - drpc->cred = cred; + drpc->cred = crhold(cred); drpc->p = p; drpc->inprog = 0; ret = EIO; @@ -7225,9 +7229,11 @@ nfsio_commitds(vnode_t vp, uint64_t offset, int cnt, struct nfsclds *dsp, ret = nfs_pnfsio(start_commitds, drpc); NFSCL_DEBUG(4, "nfsio_commitds: nfs_pnfsio=%d\n", ret); } - if (ret != 0) + if (ret != 0) { error = nfsrpc_commitds(vp, offset, cnt, dsp, fhp, vers, minorvers, cred, p); + crfree(drpc->cred); + } NFSCL_DEBUG(4, "nfsio_commitds: error=%d\n", error); return (error); } @@ -7334,11 +7340,12 @@ start_adviseds(void *arg, int pending) drpc->advise, drpc->dsp, drpc->fhp, drpc->vers, drpc->minorvers, drpc->cred, drpc->p); drpc->done = 1; + crfree(drpc->cred); NFSCL_DEBUG(4, "start_adviseds: err=%d\n", drpc->err); } /* - * Set up the commit DS mirror call for the pNFS I/O thread. + * Set up the advise DS mirror call for the pNFS I/O thread. */ static int nfsio_adviseds(vnode_t vp, uint64_t offset, int cnt, int advise, @@ -7357,7 +7364,7 @@ nfsio_adviseds(vnode_t vp, uint64_t offset, int cnt, int advise, drpc->fhp = fhp; drpc->vers = vers; drpc->minorvers = minorvers; - drpc->cred = cred; + drpc->cred = crhold(cred); drpc->p = p; drpc->inprog = 0; ret = EIO; @@ -7365,9 +7372,11 @@ nfsio_adviseds(vnode_t vp, uint64_t offset, int cnt, int advise, ret = nfs_pnfsio(start_adviseds, drpc); NFSCL_DEBUG(4, "nfsio_adviseds: nfs_pnfsio=%d\n", ret); } - if (ret != 0) + if (ret != 0) { error = nfsrpc_adviseds(vp, offset, cnt, advise, dsp, fhp, vers, minorvers, cred, p); + crfree(drpc->cred); + } NFSCL_DEBUG(4, "nfsio_adviseds: error=%d\n", error); return (error); }