Commit 19b015b5 authored Dec 31, 2024 by Trond Myklebust Committed by Li Lingfeng Dec 31, 2024

NFSv4.0: Fix the wake up of the next waiter in nfs_release_seqid()

mainline inclusion
from mainline-v6.13-rc1
commit c968fd23c68e9929ab6cad4faffc8ea603e98e5d
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBBR8I
CVE: CVE-2024-53173

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c968fd23c68e9929ab6cad4faffc8ea603e98e5d



--------------------------------

There is no need to wake up another waiter on the seqid list unless the
seqid being removed is at the head of the list, and so is relinquishing
control of the sequence counter to the next entry.

Reviewed-by: Yang Erkun <yangerkun@huawei.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>

parent 6994114f

fs/nfs/nfs4state.c

+4 −6

Original line number	Diff line number	Diff line
		@@ -1095,14 +1095,12 @@ void nfs_release_seqid(struct nfs_seqid *seqid)
		return;
		sequence = seqid->sequence;
		spin_lock(&sequence->lock);
		list_del_init(&seqid->list);
		if (!list_empty(&sequence->list)) {
		struct nfs_seqid *next;

		next = list_first_entry(&sequence->list,
		struct nfs_seqid, list);
		if (list_is_first(&seqid->list, &sequence->list) &&
		!list_is_singular(&sequence->list)) {
		struct nfs_seqid *next = list_next_entry(seqid, list);
		rpc_wake_up_queued_task(&sequence->wait, next->task);
		}
		list_del_init(&seqid->list);
		spin_unlock(&sequence->lock);
		}