| From 279b911057bb72dc05e85faf4cafd211ec86b13c Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Tue, 4 Aug 2020 12:11:47 -0400 |
| Subject: NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source |
| |
| From: Dave Wysochanski <dwysocha@redhat.com> |
| |
| [ Upstream commit d8a6ad913c286d4763ae20b14c02fe6f39d7cd9f ] |
| |
| The following oops is seen during xfstest/565 when the 'test' |
| (source of the copy) is NFS4.0 and 'scratch' (destination) is NFS4.2 |
| [ 59.692458] run fstests generic/565 at 2020-08-01 05:50:35 |
| [ 60.613588] BUG: kernel NULL pointer dereference, address: 0000000000000008 |
| [ 60.624970] #PF: supervisor read access in kernel mode |
| [ 60.627671] #PF: error_code(0x0000) - not-present page |
| [ 60.630347] PGD 0 P4D 0 |
| [ 60.631853] Oops: 0000 [#1] SMP PTI |
| [ 60.634086] CPU: 6 PID: 2828 Comm: xfs_io Kdump: loaded Not tainted 5.8.0-rc3 #1 |
| [ 60.637676] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 |
| [ 60.639901] RIP: 0010:nfs4_check_serverowner_major_id+0x5/0x30 [nfsv4] |
| [ 60.642719] Code: 89 ff e8 3e b3 b8 e1 e9 71 fe ff ff 41 bc da d8 ff ff e9 c3 fe ff ff e8 e9 9d 08 e2 66 0f 1f 84 00 00 00 00 00 66 66 66 66 90 <8b> 57 08 31 c0 3b 56 08 75 12 48 83 c6 0c 48 83 c7 0c e8 c4 97 bb |
| [ 60.652629] RSP: 0018:ffffc265417f7e10 EFLAGS: 00010287 |
| [ 60.655379] RAX: ffffa0664b066400 RBX: 0000000000000000 RCX: 0000000000000001 |
| [ 60.658754] RDX: ffffa066725fb000 RSI: ffffa066725fd000 RDI: 0000000000000000 |
| [ 60.662292] RBP: 0000000000020000 R08: 0000000000020000 R09: 0000000000000000 |
| [ 60.666189] R10: 0000000000000003 R11: 0000000000000000 R12: ffffa06648258d00 |
| [ 60.669914] R13: 0000000000000000 R14: 0000000000000000 R15: ffffa06648258100 |
| [ 60.673645] FS: 00007faa9fb35800(0000) GS:ffffa06677d80000(0000) knlGS:0000000000000000 |
| [ 60.677698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 |
| [ 60.680773] CR2: 0000000000000008 CR3: 0000000203f14000 CR4: 00000000000406e0 |
| [ 60.684476] Call Trace: |
| [ 60.685809] nfs4_copy_file_range+0xfc/0x230 [nfsv4] |
| [ 60.688704] vfs_copy_file_range+0x2ee/0x310 |
| [ 60.691104] __x64_sys_copy_file_range+0xd6/0x210 |
| [ 60.693527] do_syscall_64+0x4d/0x90 |
| [ 60.695512] entry_SYSCALL_64_after_hwframe+0x44/0xa9 |
| [ 60.698006] RIP: 0033:0x7faa9febc1bd |
| |
| Signed-off-by: Dave Wysochanski <dwysocha@redhat.com> |
| Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| fs/nfs/nfs4file.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| diff --git a/fs/nfs/nfs4file.c b/fs/nfs/nfs4file.c |
| index 984938024011b..9d354de613dae 100644 |
| --- a/fs/nfs/nfs4file.c |
| +++ b/fs/nfs/nfs4file.c |
| @@ -146,7 +146,8 @@ static ssize_t __nfs4_copy_file_range(struct file *file_in, loff_t pos_in, |
| /* Only offload copy if superblock is the same */ |
| if (file_in->f_op != &nfs4_file_operations) |
| return -EXDEV; |
| - if (!nfs_server_capable(file_inode(file_out), NFS_CAP_COPY)) |
| + if (!nfs_server_capable(file_inode(file_out), NFS_CAP_COPY) || |
| + !nfs_server_capable(file_inode(file_in), NFS_CAP_COPY)) |
| return -EOPNOTSUPP; |
| if (file_inode(file_in) == file_inode(file_out)) |
| return -EOPNOTSUPP; |
| -- |
| 2.27.0 |
| |