linux/net/sunrpc
Chuck Lever 9e895cd964 xprtrdma: Fix a NULL dereference in frwr_unmap_sync()
The normal mechanism that invalidates and unmaps MRs is
frwr_unmap_async(). frwr_unmap_sync() is used only when an RPC
Reply bearing Write or Reply chunks has been lost (i.e., almost
never).

Coverity found that after commit 9a301cafc8 ("xprtrdma: Move
fr_linv_done field to struct rpcrdma_mr"), the while() loop in
frwr_unmap_sync() exits only once @mr is NULL, unconditionally
causing subsequent dereferences of @mr to Oops.

I've tested this fix by creating a client that skips invoking
frwr_unmap_async() when RPC Replies complete. That forces all
invalidation tasks to fall upon frwr_unmap_sync(). Simple workloads
with this fix applied to the adulterated client work as designed.

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1504556 ("Null pointer dereferences")
Fixes: 9a301cafc8 ("xprtrdma: Move fr_linv_done field to struct rpcrdma_mr")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
2021-05-01 19:42:22 -04:00
auth_gss rpc: fix NULL dereference on kmalloc failure 2021-03-06 16:41:49 -05:00
xprtrdma xprtrdma: Fix a NULL dereference in frwr_unmap_sync() 2021-05-01 19:42:22 -04:00
addr.c net: sunrpc: interpret the return value of kstrtou32 correctly 2021-01-10 13:32:51 -05:00
auth_null.c
auth_unix.c SUNRPC: Use the client user namespace when encoding creds 2019-04-26 16:24:32 -04:00
auth.c sunrpc: add missing newline when printing parameter 'auth_hashtable_size' by sysfs 2020-06-11 13:33:48 -04:00
backchannel_rqst.c The one new feature this time, from Anna Schumaker, is READ_PLUS, which 2020-10-22 09:44:27 -07:00
cache.c sunrpc: clean-up cache downcall 2020-12-09 09:38:34 -05:00
clnt.c sunrpc: Fix misplaced barrier in call_decode 2021-05-01 19:42:14 -04:00
debugfs.c net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs' 2020-12-02 14:05:54 -05:00
Kconfig SUNRPC: remove RC4-HMAC-MD5 support from KerberosV 2020-09-11 14:39:15 +10:00
Makefile
netns.h
rpc_pipe.c SUNRPC: Fix fall-through warnings for Clang 2021-02-01 13:32:32 -05:00
rpcb_clnt.c sunrpc: honor rpc_task's timeout value in rpcb_create() 2021-04-05 09:04:21 -04:00
sched.c SUNRPC: Set memalloc_nofs_save() for sync tasks 2021-03-08 15:32:16 -05:00
socklib.c skb_copy_and_csum_bits(): don't bother with the last argument 2020-08-20 15:45:13 -04:00
socklib.h SUNRPC: Refactor xs_sendpages() 2020-03-16 12:04:33 -04:00
stats.c proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
sunrpc_syms.c sunrpc: check that domain table is empty at module unload. 2020-05-28 18:15:00 -04:00
sunrpc.h Replace HTTP links with HTTPS ones: NFS, SUNRPC, and LOCKD clients 2020-09-21 10:21:10 -04:00
svc_xprt.c NFSD: Repair misuse of sv_lock in 5.10.16-rt30. 2021-03-06 16:41:48 -05:00
svc.c sunrpc: fix refcount leak for rpc auth modules 2021-03-06 16:41:49 -05:00
svcauth_unix.c sunrpc: Remove unused function ip_map_update 2020-05-06 16:00:11 -04:00
svcauth.c sunrpc: check that domain table is empty at module unload. 2020-05-28 18:15:00 -04:00
svcsock.c SUNRPC: Further clean up svc_tcp_sendmsg() 2021-02-16 12:38:12 -05:00
sysctl.c net/sunrpc: fix useless comparison in proc_do_xprt() 2020-11-08 16:28:25 -05:00
timer.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
xdr.c NFS client updates for Linux 5.11 2020-12-17 12:15:03 -08:00
xprt.c SUNRPC: Handle major timeout in xprt_adjust_timeout() 2021-04-14 09:36:30 -04:00
xprtmultipath.c SUNRPC: Optimise transport balancing code 2019-07-18 14:43:52 -04:00
xprtsock.c SUNRPC: Ensure the transport backchannel association 2021-04-05 09:04:21 -04:00