September 2024 - Linux-stable-mirror

[STABLE REGRESSION] Possible missing backport of x86_match_cpu() change in v6.1.96

by Thomas Lindroth

I upgraded from kernel 6.1.94 to 6.1.99 on one of my machines and noticed that the dmesg line "Incomplete global flushes, disabling PCID" had disappeared from the log. That message comes from commit c26b9e193172f48cd0ccc64285337106fb8aa804, which disables PCID support on some broken hardware in arch/x86/mm/init.c: #define INTEL_MATCH(_model) { .vendor = X86_VENDOR_INTEL, \ .family = 6, \ .model = _model, \ } /* * INVLPG may not properly flush Global entries * on these CPUs when PCIDs are enabled. */ static const struct x86_cpu_id invlpg_miss_ids[] = { INTEL_MATCH(INTEL_FAM6_ALDERLAKE ), INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L ), INTEL_MATCH(INTEL_FAM6_ALDERLAKE_N ), INTEL_MATCH(INTEL_FAM6_RAPTORLAKE ), INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P), INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S), {} ... if (x86_match_cpu(invlpg_miss_ids)) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; } arch/x86/mm/init.c, which has that code, hasn't changed in 6.1.94 -> 6.1.99. However I found a commit changing how x86_match_cpu() behaves in 6.1.96: commit 8ab1361b2eae44077fef4adea16228d44ffb860c Author: Tony Luck <tony.luck(a)intel.com> Date: Mon May 20 15:45:33 2024 -0700 x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL I suspect this broke the PCID disabling code in arch/x86/mm/init.c. The commit message says: "Add a new flags field to struct x86_cpu_id that has a bit set to indicate that this entry in the array is valid. Update X86_MATCH*() macros to set that bit. Change the end-marker check in x86_match_cpu() to just check the flags field for this bit." But the PCID disabling code in 6.1.99 does not make use of the X86_MATCH*() macros; instead, it defines a new INTEL_MATCH() macro without the X86_CPU_ID_FLAG_ENTRY_VALID flag. I looked in upstream git and found an existing fix: commit 2eda374e883ad297bd9fe575a16c1dc850346075 Author: Tony Luck <tony.luck(a)intel.com> Date: Wed Apr 24 11:15:18 2024 -0700 x86/mm: Switch to new Intel CPU model defines New CPU #defines encode vendor and family as well as model. [ dhansen: vertically align 0's in invlpg_miss_ids[] ] Signed-off-by: Tony Luck <tony.luck(a)intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Link: https://lore.kernel.org/all/20240424181518.41946-1-tony.luck%40intel.com diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 679893ea5e68..6b43b6480354 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -261,21 +261,17 @@ static void __init probe_page_size_mask(void) } } -#define INTEL_MATCH(_model) { .vendor = X86_VENDOR_INTEL, \ - .family = 6, \ - .model = _model, \ - } /* * INVLPG may not properly flush Global entries * on these CPUs when PCIDs are enabled. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - INTEL_MATCH(INTEL_FAM6_ALDERLAKE ), - INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L ), - INTEL_MATCH(INTEL_FAM6_ATOM_GRACEMONT ), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE ), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S), + X86_MATCH_VFM(INTEL_ALDERLAKE, 0), + X86_MATCH_VFM(INTEL_ALDERLAKE_L, 0), + X86_MATCH_VFM(INTEL_ATOM_GRACEMONT, 0), + X86_MATCH_VFM(INTEL_RAPTORLAKE, 0), + X86_MATCH_VFM(INTEL_RAPTORLAKE_P, 0), + X86_MATCH_VFM(INTEL_RAPTORLAKE_S, 0), {} }; The fix removed the custom INTEL_MATCH macro and uses the X86_MATCH*() macros with X86_CPU_ID_FLAG_ENTRY_VALID. This fixed commit was never backported to 6.1, so it looks like a stable series regression due to a missing backport. If I apply the fix patch on 6.1.99, the PCID disabling code activates again. I had to change all the INTEL_* definitions to the old definitions to make it build: static const struct x86_cpu_id invlpg_miss_ids[] = { - INTEL_MATCH(INTEL_FAM6_ALDERLAKE ), - INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L ), - INTEL_MATCH(INTEL_FAM6_ALDERLAKE_N ), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE ), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S), + X86_MATCH_VFM(INTEL_FAM6_ALDERLAKE, 0), + X86_MATCH_VFM(INTEL_FAM6_ALDERLAKE_L, 0), + X86_MATCH_VFM(INTEL_FAM6_ALDERLAKE_N, 0), + X86_MATCH_VFM(INTEL_FAM6_RAPTORLAKE, 0), + X86_MATCH_VFM(INTEL_FAM6_RAPTORLAKE_P, 0), + X86_MATCH_VFM(INTEL_FAM6_RAPTORLAKE_S, 0), {} }; I only looked at the code in arch/x86/mm/init.c, so there may be other uses of x86_match_cpu() in the kernel that are also broken in 6.1.99. This email is meant as a bug report, not a pull request. Someone else should confirm the problem and submit the appropriate fix.

11 months, 2 weeks

6
7
0 0

[PATCH 5.4.y] selftests: breakpoints: Fix a typo of function name

by Samasth Norway Ananda

From: Masami Hiramatsu <mhiramat(a)kernel.org> commit 5b06eeae52c02dd0d9bc8488275a1207d410870b upstream. Since commit 5821ba969511 ("selftests: Add test plan API to kselftest.h and adjust callers") accidentally introduced 'a' typo in the front of run_test() function, breakpoint_test_arm64.c became not able to be compiled. Remove the 'a' from arun_test(). Fixes: 5821ba969511 ("selftests: Add test plan API to kselftest.h and adjust callers") Reported-by: Jun Takahashi <takahashi.jun_s(a)aa.socionext.com> Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Kees Cook <keescook(a)chromium.org> Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> [Samasth: bp to 5.4.y] Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> --- tools/testing/selftests/breakpoints/breakpoint_test_arm64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/breakpoints/breakpoint_test_arm64.c b/tools/testing/selftests/breakpoints/breakpoint_test_arm64.c index 58ed5eeab7094..ad41ea69001bc 100644 --- a/tools/testing/selftests/breakpoints/breakpoint_test_arm64.c +++ b/tools/testing/selftests/breakpoints/breakpoint_test_arm64.c @@ -109,7 +109,7 @@ static bool set_watchpoint(pid_t pid, int size, int wp) return false; } -static bool arun_test(int wr_size, int wp_size, int wr, int wp) +static bool run_test(int wr_size, int wp_size, int wr, int wp) { int status; siginfo_t siginfo; -- 2.45.2

11 months, 2 weeks

2
1
0 0

[PATCH v2 1/2] drm/xe/vm: move xa_alloc to prevent UAF

by Matthew Auld

Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this. v2: - Rebase Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_vm.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 31fe31db3fdc..ce9dca4d4e87 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1765,10 +1765,6 @@ int xe_vm_create_ioctl(struct drm_device *dev, void *data, if (IS_ERR(vm)) return PTR_ERR(vm); - err = xa_alloc(&xef->vm.xa, &id, vm, xa_limit_32b, GFP_KERNEL); - if (err) - goto err_close_and_put; - if (xe->info.has_asid) { down_write(&xe->usm.lock); err = xa_alloc_cyclic(&xe->usm.asid_to_vm, &asid, vm, @@ -1776,12 +1772,11 @@ int xe_vm_create_ioctl(struct drm_device *dev, void *data, &xe->usm.next_asid, GFP_KERNEL); up_write(&xe->usm.lock); if (err < 0) - goto err_free_id; + goto err_close_and_put; vm->usm.asid = asid; } - args->vm_id = id; vm->xef = xe_file_get(xef); /* Record BO memory for VM pagetable created against client */ @@ -1794,10 +1789,15 @@ int xe_vm_create_ioctl(struct drm_device *dev, void *data, args->reserved[0] = xe_bo_main_addr(vm->pt_root[0]->bo, XE_PAGE_SIZE); #endif + /* user id alloc must always be last in ioctl to prevent UAF */ + err = xa_alloc(&xef->vm.xa, &id, vm, xa_limit_32b, GFP_KERNEL); + if (err) + goto err_close_and_put; + + args->vm_id = id; + return 0; -err_free_id: - xa_erase(&xef->vm.xa, id); err_close_and_put: xe_vm_close_and_put(vm); -- 2.46.1

11 months, 2 weeks

3
2
0 0

[PATCH V2] rpmsg: glink: Add abort_tx check in intent wait

by Deepak Kumar Singh

From: Sarannya S <quic_sarannya(a)quicinc.com> On remote susbsystem restart rproc will stop glink subdev which will trigger qcom_glink_native_remove, any ongoing intent wait should be aborted from there otherwise this wait delays glink send which potentially delays glink channel removal as well. This further introduces delay in ssr notification to other remote subsystems from rproc. Currently qcom_glink_native_remove is not setting channel->intent_received, so any ongoing intent wait is not aborted on remote susbsystem restart. abort_tx flag can be used as a condition to abort in such cases. Adding abort_tx flag check in intent wait, to abort intent wait from qcom_glink_native_remove. Fixes: c05dfce0b89e ("rpmsg: glink: Wait for intent, not just request ack") Cc: stable(a)vger.kernel.org Signed-off-by: Sarannya S <quic_sarannya(a)quicinc.com> Signed-off-by: Deepak Kumar Singh <quic_deesin(a)quicinc.com> --- drivers/rpmsg/qcom_glink_native.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 82d460ff4777..ff828531c36f 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -438,7 +438,6 @@ static void qcom_glink_handle_intent_req_ack(struct qcom_glink *glink, static void qcom_glink_intent_req_abort(struct glink_channel *channel) { - WRITE_ONCE(channel->intent_req_result, 0); wake_up_all(&channel->intent_req_wq); } @@ -1354,8 +1353,9 @@ static int qcom_glink_request_intent(struct qcom_glink *glink, goto unlock; ret = wait_event_timeout(channel->intent_req_wq, - READ_ONCE(channel->intent_req_result) >= 0 && - READ_ONCE(channel->intent_received), + (READ_ONCE(channel->intent_req_result) >= 0 && + READ_ONCE(channel->intent_received)) || + glink->abort_tx, 10 * HZ); if (!ret) { dev_err(glink->dev, "intent request timed out\n"); -- 2.34.1

11 months, 2 weeks

2
1
0 0

nfsv41: stale file handles after VM shutdown/poweron - but works during warm reboot

by Christian Theune

Hi, we're experiencing a weird NFS (client?) issue when we cold restart a Linux virtual machine running an NFS server. The client will reconnect when the server comes back but we end up with stale file handles and have to unmount/remount. Initially I thought we did something stupid running the `soft` option and wanted to convert to `hard,timeo=6,retrans=10` but noticed that our original problems that caused me to investigate did not go away when changing the mount options. The issue seems to be (surprisingly!) caused when restarting the NFS server VM using a "cold boot" approach: calling shutdown and then having the VM started with a fresh Qemu process. When restarting the NFS server VM using a warm reboot we do not see stale file handles. This appears not to be a race condition or timeouts happening as its reliably reproducable in either direction - I've tried dozens of times and it always works with a reboot and always ends up with stale file handles when shutting down/starting a fresh VM. I've played around with shutting off the NFS server service and introducing delays before cold and warm restarts but the symptoms remain the same. I've tried reading through man pages, kernel documentation, and kernel code but haven't found anything that points to me doing something wrong. The nfsd and client settings are all at their defaults in /proc (at least I didn't find any config management modifying them and peeking at a few of them they ran at their defaults). The issue can be observed on 5.15.164 as well as 6.11. We've been running identical setups for many years and haven't observed this issue until a few months ago. We’ve been running with 5.15 for a while now and I think this might have been introduced somewhere along the way. I've added the client side kernel traces here. Network traffic was not enlightening. I tried chopping the traces into parts that reflect what happens on the server. Setup ===== Server and client are both Qemu/KVM VMs running NixOS with a (for practical purposes) vanilla kernel (two one line patches that change the `bridge-stp` and `request-key` helper paths). Mount: <server>:/srv/nfs/shared on /mnt/nfs/shared type nfs4 (rw,relatime,vers=4.2,rsize=8192,wsize=8192,namlen=255,hard,proto=tcp6,timeo=100,retrans=30,sec=sys,clientaddr=<v6network>::1137,local_lock=none,addr=<v6network>::1136) Export: /srv/nfs/shared <server>(rw,sync,root_squash,no_subtree_check) <client>(rw,sync,root_squash,no_subtree_check) Case 1 (cold reboot - ends up broken) ===================================== We're stopping the server, waiting for a bit and then poweroff. Basically: server> systemctl stop nfs-server; sleep 30; poweroff The poweroff causes the VM to be automatically restarted after a few seconds with a fresh Qemu process - but with all identical settings from the previous instance. The client sees the following rpc and nfs trace: server> systemctl stop nfs-server client kernel log> [ 4965.503048] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 4965.503975] RPC: state 8 conn 1 dead 0 zapped 1 sk_shutdown 1 [ 4965.505105] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 4965.505930] RPC: state 9 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 4965.506712] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 4965.507469] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 4965.508261] RPC: xs_close xprt 000000004f6bb8b0 [ 4965.509108] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 4965.509916] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 server> sleep 30 client kernel log> [ 4998.558930] nfs4_renew_state: start [ 4998.559497] <-- nfs41_proc_async_sequence status=0 [ 4998.560074] nfs4_renew_state: done [ 4998.560473] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 4998.561379] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 4998.562442] encode_sequence: sessionid=1727262693:2026340752:2:0 seqid=47 slotid=0 max_slotid=0 cache_this=0 [ 4998.563650] RPC: xs_connect scheduled xprt 000000004f6bb8b0 [ 4998.564385] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:788: ok (0) [ 4998.565372] RPC: worker connecting xprt 000000004f6bb8b0 via tcp to <v6network>::1136 (port 2049) [ 4998.566606] RPC: 000000004f6bb8b0 connect status 115 connected 0 sock state 2 [ 4998.567594] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 4998.567596] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 4998.567600] RPC: xs_error_report client 000000004f6bb8b0, error=111... [ 4998.569979] RPC: xs_close xprt 000000004f6bb8b0 [ 4998.570565] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 4998.571276] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5001.630875] RPC: xs_connect scheduled xprt 000000004f6bb8b0 [ 5001.631969] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:745: ok (0) [ 5001.632890] RPC: worker connecting xprt 000000004f6bb8b0 via tcp to <v6network>::1136 (port 2049) [ 5001.634262] RPC: 000000004f6bb8b0 connect status 115 connected 0 sock state 2 [ 5001.635306] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 5001.635308] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5001.635312] RPC: xs_error_report client 000000004f6bb8b0, error=111... [ 5001.637871] RPC: xs_close xprt 000000004f6bb8b0 [ 5001.638465] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 5001.639237] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5004.702871] RPC: xs_connect scheduled xprt 000000004f6bb8b0 [ 5004.703851] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:1012: ok (0) [ 5004.704995] RPC: worker connecting xprt 000000004f6bb8b0 via tcp to <v6network>::1136 (port 2049) [ 5004.706752] RPC: 000000004f6bb8b0 connect status 115 connected 0 sock state 2 [ 5004.708103] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 5004.708106] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5004.708110] RPC: xs_error_report client 000000004f6bb8b0, error=111... [ 5004.711656] RPC: xs_close xprt 000000004f6bb8b0 [ 5004.712489] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 5004.713521] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5007.774811] RPC: xs_connect scheduled xprt 000000004f6bb8b0 [ 5007.775819] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:811: ok (0) [ 5007.776749] RPC: worker connecting xprt 000000004f6bb8b0 via tcp to <v6network>::1136 (port 2049) [ 5007.778362] RPC: 000000004f6bb8b0 connect status 115 connected 0 sock state 2 [ 5007.779413] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 5007.779416] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5007.779420] RPC: xs_error_report client 000000004f6bb8b0, error=111... [ 5007.782197] RPC: xs_close xprt 000000004f6bb8b0 [ 5007.782884] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 5007.783757] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5010.846776] RPC: xs_connect scheduled xprt 000000004f6bb8b0 [ 5010.847884] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:920: ok (0) [ 5010.848923] RPC: worker connecting xprt 000000004f6bb8b0 via tcp to <v6network>::1136 (port 2049) [ 5010.850346] RPC: 000000004f6bb8b0 connect status 115 connected 0 sock state 2 [ 5010.851478] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 5010.851480] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5010.851484] RPC: xs_error_report client 000000004f6bb8b0, error=111... [ 5010.854398] RPC: xs_close xprt 000000004f6bb8b0 [ 5010.855067] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 5010.855829] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5013.918740] RPC: xs_connect scheduled xprt 000000004f6bb8b0 [ 5013.919802] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:691: ok (0) [ 5013.920747] RPC: worker connecting xprt 000000004f6bb8b0 via tcp to <v6network>::1136 (port 2049) [ 5013.922364] RPC: 000000004f6bb8b0 connect status 115 connected 0 sock state 2 server> poweroff (server powers off and gets restarted) client kernel log> [ 5082.014329] RPC: xs_tcp_state_change client 000000004f6bb8b0... [ 5082.015431] RPC: state 1 conn 0 dead 0 zapped 1 sk_shutdown 0 [ 5082.016693] RPC: xs_tcp_send_request(116) = 0 [ 5082.032137] nfs41_sequence_process ERROR: -10052 Reset session [ 5082.033051] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5082.033883] nfs41_sequence_process: Error -10052 free the slot [ 5082.034713] nfs41_sequence_call_done ERROR -10052 [ 5082.035406] nfs4_schedule_lease_recovery: scheduling lease recovery for server <server> [ 5082.036710] nfs41_sequence_call_done rpc_cred 000000001946c07d [ 5082.037565] RPC: xs_tcp_send_request(100) = 0 [ 5082.038660] NFS: Got error -10052 from the server on DESTROY_SESSION. Session has been destroyed regardless... [ 5082.040040] --> nfs4_proc_create_session clp=00000000872dbfe2 session=00000000b29d3016 [ 5082.041071] nfs4_init_channel_attrs: Fore Channel : max_rqst_sz=1049620 max_resp_sz=1049480 max_ops=8 max_reqs=64 [ 5082.042467] nfs4_init_channel_attrs: Back Channel : max_rqst_sz=4096 max_resp_sz=4096 max_resp_sz_cached=0 max_ops=2 max_reqs=16 [ 5082.044069] nfs4_schedule_state_renewal: requeueing work. Lease period = 5 [ 5082.045066] RPC: xs_tcp_send_request(196) = 0 [ 5082.046099] nfs4_reset_session: session reset failed with status -10022 for server <server>! [ 5082.047361] nfs4_handle_reclaim_lease_error: handled error -10022 for server <server> [ 5082.048601] RPC: xs_tcp_send_request(244) = 0 [ 5082.049712] --> nfs4_proc_create_session clp=00000000872dbfe2 session=00000000b29d3016 [ 5082.050852] nfs4_init_channel_attrs: Fore Channel : max_rqst_sz=1049620 max_resp_sz=1049480 max_ops=8 max_reqs=64 [ 5082.052201] nfs4_init_channel_attrs: Back Channel : max_rqst_sz=4096 max_resp_sz=4096 max_resp_sz_cached=0 max_ops=2 max_reqs=16 [ 5082.053763] RPC: xs_tcp_send_request(196) = 0 [ 5082.055159] --> nfs4_setup_session_slot_tables [ 5082.055770] --> nfs4_realloc_slot_table: max_reqs=30, tbl->max_slots 30 [ 5082.056681] nfs4_realloc_slot_table: tbl=00000000cf1ff1fa slots=0000000002cd9cdc max_slots=30 [ 5082.057752] <-- nfs4_realloc_slot_table: return 0 [ 5082.058328] --> nfs4_realloc_slot_table: max_reqs=16, tbl->max_slots 16 [ 5082.059207] nfs4_realloc_slot_table: tbl=000000005982b642 slots=0000000017686be5 max_slots=16 [ 5082.060307] <-- nfs4_realloc_slot_table: return 0 [ 5082.060912] slot table setup returned 0 [ 5082.061403] nfs4_proc_create_session client>seqid 2 sessionid 1727263096:1126483273:1:0 [ 5082.062737] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5082.063857] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5082.064781] encode_sequence: sessionid=1727263096:1126483273:1:0 seqid=1 slotid=0 max_slotid=0 cache_this=0 [ 5082.066063] RPC: xs_tcp_send_request(132) = 0 [ 5082.068110] decode_attr_lease_time: lease time=90 [ 5082.068780] decode_attr_maxfilesize: maxfilesize=0 [ 5082.069411] decode_attr_maxread: maxread=1024 [ 5082.070006] decode_attr_maxwrite: maxwrite=1024 [ 5082.070612] decode_attr_time_delta: time_delta=0 0 [ 5082.071227] decode_attr_pnfstype: bitmap is 0 [ 5082.071810] decode_attr_layout_blksize: bitmap is 0 [ 5082.072452] decode_attr_clone_blksize: bitmap is 0 [ 5082.073090] decode_attr_change_attr_type: bitmap is 0 [ 5082.073735] decode_attr_xattrsupport: XATTR support=false [ 5082.074414] decode_fsinfo: xdr returned 0! [ 5082.075357] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5082.076299] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5082.077212] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5082.077909] nfs41_sequence_process: Error 0 free the slot [ 5082.078569] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5082.079571] nfs4_schedule_state_renewal: requeueing work. Lease period = 60 [ 5082.080520] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5082.081506] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5082.082376] encode_sequence: sessionid=1727263096:1126483273:1:0 seqid=2 slotid=0 max_slotid=0 cache_this=0 [ 5082.083612] RPC: xs_tcp_send_request(124) = 0 [ 5082.113634] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5082.114614] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5082.115482] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5082.116142] nfs41_sequence_process: Error 0 free the slot [ 5082.116772] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5082.117766] <-- nfs41_proc_reclaim_complete status=0 [ 5082.118379] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=16 [ 5082.119308] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5082.120110] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5082.120805] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5082.121690] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5082.122438] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 The client now shows the following error when trying to access files on the NFS mountpoint (shared is a directory in /mnt/nfs that is the mountpoint): client> ls /mnt/nfs/ ls: cannot access '/mnt/nfs/shared': Stale file handle shared While doing that, the client kernel log continues: [ 5121.788081] NFS: nfs_weak_revalidate: inode 33681408 is valid [ 5121.788941] NFS: revalidating (0:50/33681408) [ 5121.789816] --> nfs41_call_sync_prepare data->seq_server 00000000862cf9f3 [ 5121.790950] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5121.791958] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5121.792904] encode_sequence: sessionid=1727263096:1126483273:1:0 seqid=3 slotid=0 max_slotid=0 cache_this=0 [ 5121.794289] RPC: xs_tcp_send_request(172) = 0 [ 5121.799020] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5121.800014] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5121.800876] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5121.801562] nfs41_sequence_process: Error 0 free the slot [ 5121.802232] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5121.803240] nfs_revalidate_inode: (0:50/33681408) getattr failed, error=-116 [ 5121.804471] NFS: revalidating (0:50/33681408) [ 5121.805080] --> nfs41_call_sync_prepare data->seq_server 00000000862cf9f3 [ 5121.805968] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5121.806955] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5121.807885] encode_sequence: sessionid=1727263096:1126483273:1:0 seqid=4 slotid=0 max_slotid=0 cache_this=0 [ 5121.809522] RPC: xs_tcp_send_request(172) = 0 [ 5121.810845] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5121.811864] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5121.812791] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5121.813501] nfs41_sequence_process: Error 0 free the slot [ 5121.814207] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5121.815242] nfs_revalidate_inode: (0:50/33681408) getattr failed, error=-116 [ 5121.816279] NFS: nfs_weak_revalidate: inode 33681408 is invalid [ 5121.817311] NFS: revalidating (0:50/33681408) [ 5121.828500] NFS: nfs_weak_revalidate: inode 33681408 is invalid [ 5146.013099] nfs4_renew_state: start [ 5146.013647] nfs4_renew_state: failed to call renewd. Reason: lease not expired [ 5146.014510] nfs4_schedule_state_renewal: requeueing work. Lease period = 36 [ 5146.015356] nfs4_renew_state: done [ 5155.718411] NFS: nfs_weak_revalidate: inode 33681408 is valid [ 5155.719976] NFS: revalidating (0:50/33681408) [ 5155.720628] --> nfs41_call_sync_prepare data->seq_server 00000000862cf9f3 [ 5155.721545] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5155.722519] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5155.726973] encode_sequence: sessionid=1727263096:1126483273:1:0 seqid=6 slotid=0 max_slotid=0 cache_this=0 [ 5155.728990] RPC: xs_tcp_send_request(172) = 0 [ 5155.731070] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5155.732292] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5155.733384] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5155.734088] nfs41_sequence_process: Error 0 free the slot [ 5155.734867] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5155.741211] nfs_revalidate_inode: (0:50/33681408) getattr failed, error=-116 [ 5155.742647] NFS: revalidating (0:50/33681408) [ 5155.748003] --> nfs41_call_sync_prepare data->seq_server 00000000862cf9f3 [ 5155.748977] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5155.750066] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5155.754045] encode_sequence: sessionid=1727263096:1126483273:1:0 seqid=7 slotid=0 max_slotid=0 cache_this=0 [ 5155.757104] RPC: xs_tcp_send_request(172) = 0 [ 5155.759310] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5155.760383] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5155.761233] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5155.761870] nfs41_sequence_process: Error 0 free the slot [ 5155.762585] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5155.768250] nfs_revalidate_inode: (0:50/33681408) getattr failed, error=-116 [ 5155.769224] NFS: nfs_weak_revalidate: inode 33681408 is invalid [ 5155.771968] NFS: revalidating (0:50/33681408) [ 5155.772574] --> nfs41_call_sync_prepare data->seq_server 00000000862cf9f3 [ 5155.773522] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5155.774379] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5155.779036] encode_sequence: sessionid=1727263096:1126483273:1:0 seqid=8 slotid=0 max_slotid=0 cache_this=0 [ 5155.780960] RPC: xs_tcp_send_request(172) = 0 [ 5155.781797] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5155.782721] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5155.783734] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5155.784485] nfs41_sequence_process: Error 0 free the slot [ 5155.785084] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5155.789037] nfs_revalidate_inode: (0:50/33681408) getattr failed, error=-116 [ 5155.789873] NFS: nfs_weak_revalidate: inode 33681408 is invalid Unmounting and remounting the mountpoint puts the client into a working state again. Case 2 (ends up in a working state) =================================== Here, we also shutdown the NFS server, wait for a bit, but then perform a "warm" reboot. server> systemctl stop nfs-server ; sleep 30 seconds; reboot system The individual steps as seen from the client: server> systemctl stop nfs-server client kernel log> [ 5511.593152] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5511.593997] RPC: state 8 conn 1 dead 0 zapped 1 sk_shutdown 1 [ 5511.594763] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5511.595581] RPC: state 9 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5511.596371] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5511.597131] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5511.597957] RPC: xs_close xprt 0000000005eb3fd3 [ 5511.599868] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5511.600621] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 server> sleep 30; reboot [ 5526.935766] nfs4_renew_state: start [ 5526.936259] nfs4_renew_state: failed to call renewd. Reason: lease not expired [ 5526.937164] nfs4_schedule_state_renewal: requeueing work. Lease period = 36 [ 5526.938060] nfs4_renew_state: done [ 5563.799229] nfs4_renew_state: start [ 5563.799869] <-- nfs41_proc_async_sequence status=0 [ 5563.800512] nfs4_renew_state: done [ 5563.800990] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5563.802030] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5563.803244] encode_sequence: sessionid=1727263096:1126483275:2:0 seqid=43 slotid=0 max_slotid=0 cache_this=0 [ 5563.804487] RPC: xs_connect scheduled xprt 0000000005eb3fd3 [ 5563.805269] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:914: ok (0) [ 5563.806376] RPC: worker connecting xprt 0000000005eb3fd3 via tcp to 2a02:238:f030:1c3::1136 (port 2049) [ 5563.807676] RPC: 0000000005eb3fd3 connect status 115 connected 0 sock state 2 [ 5578.071084] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5578.072089] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5578.072898] RPC: xs_error_report client 0000000005eb3fd3, error=113... [ 5578.074168] RPC: xs_close xprt 0000000005eb3fd3 [ 5578.074806] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5578.075629] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5578.076533] RPC: xs_connect scheduled xprt 0000000005eb3fd3 [ 5578.077353] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:791: ok (0) [ 5578.078422] RPC: worker connecting xprt 0000000005eb3fd3 via tcp to 2a02:238:f030:1c3::1136 (port 2049) [ 5578.079767] RPC: 0000000005eb3fd3 connect status 115 connected 0 sock state 2 [ 5581.143007] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5581.144027] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5581.144804] RPC: xs_error_report client 0000000005eb3fd3, error=113... [ 5581.146013] RPC: xs_close xprt 0000000005eb3fd3 [ 5581.146667] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5581.147475] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5584.150918] RPC: xs_connect scheduled xprt 0000000005eb3fd3 [ 5584.151952] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:842: ok (0) [ 5584.153297] RPC: worker connecting xprt 0000000005eb3fd3 via tcp to 2a02:238:f030:1c3::1136 (port 2049) [ 5584.154840] RPC: 0000000005eb3fd3 connect status 115 connected 0 sock state 2 [ 5587.223096] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5587.224119] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5587.224971] RPC: xs_error_report client 0000000005eb3fd3, error=113... [ 5587.226296] RPC: xs_close xprt 0000000005eb3fd3 [ 5587.227011] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5587.227878] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5590.230822] RPC: xs_connect scheduled xprt 0000000005eb3fd3 [ 5590.231841] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:893: ok (0) [ 5590.232897] RPC: worker connecting xprt 0000000005eb3fd3 via tcp to 2a02:238:f030:1c3::1136 (port 2049) [ 5590.234566] RPC: 0000000005eb3fd3 connect status 115 connected 0 sock state 2 [ 5593.302883] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5593.303910] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5593.304850] RPC: xs_error_report client 0000000005eb3fd3, error=113... [ 5593.306104] RPC: xs_close xprt 0000000005eb3fd3 [ 5593.306799] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5593.307585] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5596.310840] RPC: xs_connect scheduled xprt 0000000005eb3fd3 [ 5596.311711] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:925: ok (0) [ 5596.312594] RPC: worker connecting xprt 0000000005eb3fd3 via tcp to 2a02:238:f030:1c3::1136 (port 2049) [ 5596.314192] RPC: 0000000005eb3fd3 connect status 115 connected 0 sock state 2 The server is booting and the client recovers while logging this: [ 5602.390691] RPC: xs_connect scheduled xprt 0000000005eb3fd3 [ 5602.391719] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:980: ok (0) [ 5602.392668] RPC: worker connecting xprt 0000000005eb3fd3 via tcp to 2a02:238:f030:1c3::1136 (port 2049) [ 5602.394223] RPC: 0000000005eb3fd3 connect status 115 connected 0 sock state 2 [ 5605.462614] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5605.463527] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5605.464312] RPC: xs_error_report client 0000000005eb3fd3, error=113... [ 5605.465430] RPC: xs_close xprt 0000000005eb3fd3 [ 5605.466074] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5605.466903] RPC: state 7 conn 0 dead 0 zapped 1 sk_shutdown 3 [ 5608.470590] RPC: xs_connect scheduled xprt 0000000005eb3fd3 [ 5608.471618] RPC: xs_bind 0000:0000:0000:0000:0000:0000:0000:0000:1015: ok (0) [ 5608.472730] RPC: worker connecting xprt 0000000005eb3fd3 via tcp to 2a02:238:f030:1c3::1136 (port 2049) [ 5608.474014] RPC: 0000000005eb3fd3 connect status 115 connected 0 sock state 2 [ 5609.495200] RPC: xs_tcp_state_change client 0000000005eb3fd3... [ 5609.496171] RPC: state 1 conn 0 dead 0 zapped 1 sk_shutdown 0 [ 5609.497356] RPC: xs_tcp_send_request(116) = 0 [ 5609.511115] nfs41_sequence_process ERROR: -10052 Reset session [ 5609.512033] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5609.512809] nfs41_sequence_process: Error -10052 free the slot [ 5609.513589] nfs41_sequence_call_done ERROR -10052 [ 5609.514246] nfs4_schedule_lease_recovery: scheduling lease recovery for server <server> [ 5609.515446] nfs41_sequence_call_done rpc_cred 000000001946c07d [ 5609.516272] RPC: xs_tcp_send_request(100) = 0 [ 5609.517198] NFS: Got error -10052 from the server on DESTROY_SESSION. Session has been destroyed regardless... [ 5609.518645] --> nfs4_proc_create_session clp=0000000002fc3705 session=000000009488146a [ 5609.519601] nfs4_init_channel_attrs: Fore Channel : max_rqst_sz=1049620 max_resp_sz=1049480 max_ops=8 max_reqs=64 [ 5609.520801] nfs4_init_channel_attrs: Back Channel : max_rqst_sz=4096 max_resp_sz=4096 max_resp_sz_cached=0 max_ops=2 max_reqs=16 [ 5609.523115] nfs4_schedule_state_renewal: requeueing work. Lease period = 5 [ 5609.524103] RPC: xs_tcp_send_request(196) = 0 [ 5609.525090] nfs4_reset_session: session reset failed with status -10022 for server <server>! [ 5609.526350] nfs4_handle_reclaim_lease_error: handled error -10022 for server <server> [ 5609.527548] RPC: xs_tcp_send_request(244) = 0 [ 5609.528414] --> nfs4_proc_create_session clp=0000000002fc3705 session=000000009488146a [ 5609.529500] nfs4_init_channel_attrs: Fore Channel : max_rqst_sz=1049620 max_resp_sz=1049480 max_ops=8 max_reqs=64 [ 5609.530905] nfs4_init_channel_attrs: Back Channel : max_rqst_sz=4096 max_resp_sz=4096 max_resp_sz_cached=0 max_ops=2 max_reqs=16 [ 5609.532526] RPC: xs_tcp_send_request(196) = 0 [ 5609.533669] --> nfs4_setup_session_slot_tables [ 5609.534365] --> nfs4_realloc_slot_table: max_reqs=30, tbl->max_slots 30 [ 5609.535199] nfs4_realloc_slot_table: tbl=000000009c22d728 slots=0000000025e05bce max_slots=30 [ 5609.536186] <-- nfs4_realloc_slot_table: return 0 [ 5609.536744] --> nfs4_realloc_slot_table: max_reqs=16, tbl->max_slots 16 [ 5609.537734] nfs4_realloc_slot_table: tbl=0000000002a05f6b slots=000000009aa80389 max_slots=16 [ 5609.538775] <-- nfs4_realloc_slot_table: return 0 [ 5609.539446] slot table setup returned 0 [ 5609.539994] nfs4_proc_create_session client>seqid 2 sessionid 1727263639:3068450331:1:0 [ 5609.541129] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5609.542047] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5609.543029] encode_sequence: sessionid=1727263639:3068450331:1:0 seqid=1 slotid=0 max_slotid=0 cache_this=0 [ 5609.544295] RPC: xs_tcp_send_request(132) = 0 [ 5609.545479] decode_attr_lease_time: lease time=90 [ 5609.546158] decode_attr_maxfilesize: maxfilesize=0 [ 5609.546798] decode_attr_maxread: maxread=1024 [ 5609.547357] decode_attr_maxwrite: maxwrite=1024 [ 5609.547943] decode_attr_time_delta: time_delta=0 0 [ 5609.548482] decode_attr_pnfstype: bitmap is 0 [ 5609.549005] decode_attr_layout_blksize: bitmap is 0 [ 5609.549534] decode_attr_clone_blksize: bitmap is 0 [ 5609.550125] decode_attr_change_attr_type: bitmap is 0 [ 5609.550766] decode_attr_xattrsupport: XATTR support=false [ 5609.551413] decode_fsinfo: xdr returned 0! [ 5609.552242] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5609.553039] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5609.553917] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5609.554541] nfs41_sequence_process: Error 0 free the slot [ 5609.555273] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5609.560764] nfs4_schedule_state_renewal: requeueing work. Lease period = 60 [ 5609.562070] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5609.563074] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5609.563980] encode_sequence: sessionid=1727263639:3068450331:1:0 seqid=2 slotid=0 max_slotid=0 cache_this=0 [ 5609.565352] RPC: xs_tcp_send_request(124) = 0 [ 5609.644135] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5609.645214] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5609.646049] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5609.646722] nfs41_sequence_process: Error 0 free the slot [ 5609.647369] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5609.648352] <-- nfs41_proc_reclaim_complete status=0 [ 5609.648964] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=16 [ 5609.649813] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5609.650544] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5609.651237] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5609.652134] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5609.652874] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5632.396766] NFS: permission(0:50/33681408), mask=0x81, res=-10 [ 5632.397471] NFS: revalidating (0:50/33681408) [ 5632.397973] --> nfs41_call_sync_prepare data->seq_server 000000001a362fd8 [ 5632.398705] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5632.399547] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5632.400600] encode_sequence: sessionid=1727263639:3068450331:1:0 seqid=3 slotid=0 max_slotid=0 cache_this=0 [ 5632.401933] RPC: xs_tcp_send_request(172) = 0 [ 5632.406551] decode_attr_type: type=040000 [ 5632.407276] decode_attr_change: change attribute=7 [ 5632.407922] decode_attr_size: file size=18 [ 5632.408428] decode_attr_fsid: fsid=(0x7de545f823d44d4e/0xadabff1eec0b0f80) [ 5632.409210] decode_attr_fileid: fileid=33681408 [ 5632.409752] decode_attr_fs_locations: fs_locations done, error = 0 [ 5632.410441] decode_attr_mode: file mode=0775 [ 5632.410944] decode_attr_nlink: nlink=3 [ 5632.411464] decode_attr_owner: uid=0 [ 5632.411953] decode_attr_group: gid=900 [ 5632.412473] decode_attr_rdev: rdev=(0x0:0x0) [ 5632.412982] decode_attr_space_used: space used=0 [ 5632.413558] decode_attr_time_access: atime=1727245731 [ 5632.414115] decode_attr_time_metadata: ctime=1727245730 [ 5632.414746] decode_attr_time_modify: mtime=1727245730 [ 5632.415336] decode_attr_mounted_on_fileid: fileid=33681408 [ 5632.416084] decode_getfattr_attrs: xdr returned 0 [ 5632.416712] decode_getfattr_generic: xdr returned 0 [ 5632.417833] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5632.418779] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5632.419659] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5632.420315] nfs41_sequence_process: Error 0 free the slot [ 5632.421024] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5632.422037] NFS: nfs_update_inode(0:50/33681408 fh_crc=0xd3a763c6 ct=2 info=0x427e7f) [ 5632.423110] NFS: (0:50/33681408) revalidation complete [ 5632.423890] NFS: permission(0:50/33681408), mask=0x1, res=0 [ 5632.424892] NFS: nfs_weak_revalidate: inode 33681408 is valid [ 5632.428895] NFS: permission(0:50/33681408), mask=0x81, res=0 [ 5632.429693] NFS: revalidating (0:50/33681408) [ 5632.430402] --> nfs41_call_sync_prepare data->seq_server 000000001a362fd8 [ 5632.431191] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5632.432112] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5632.433025] encode_sequence: sessionid=1727263639:3068450331:1:0 seqid=4 slotid=0 max_slotid=0 cache_this=0 [ 5632.434228] RPC: xs_tcp_send_request(172) = 0 [ 5632.435149] decode_attr_type: type=040000 [ 5632.435692] decode_attr_change: change attribute=7 [ 5632.436237] decode_attr_size: file size=18 [ 5632.436738] decode_attr_fsid: fsid=(0x7de545f823d44d4e/0xadabff1eec0b0f80) [ 5632.437518] decode_attr_fileid: fileid=33681408 [ 5632.438052] decode_attr_fs_locations: fs_locations done, error = 0 [ 5632.438796] decode_attr_mode: file mode=0775 [ 5632.439312] decode_attr_nlink: nlink=3 [ 5632.439772] decode_attr_owner: uid=0 [ 5632.440147] decode_attr_group: gid=900 [ 5632.440582] decode_attr_rdev: rdev=(0x0:0x0) [ 5632.441272] decode_attr_space_used: space used=0 [ 5632.441998] decode_attr_time_access: atime=1727245731 [ 5632.442796] decode_attr_time_metadata: ctime=1727245730 [ 5632.443613] decode_attr_time_modify: mtime=1727245730 [ 5632.444374] decode_attr_mounted_on_fileid: fileid=33681408 [ 5632.445216] decode_getfattr_attrs: xdr returned 0 [ 5632.445948] decode_getfattr_generic: xdr returned 0 [ 5632.447188] --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30 [ 5632.448043] <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1 [ 5632.448876] nfs4_free_slot: slotid 1 highest_used_slotid 0 [ 5632.449551] nfs41_sequence_process: Error 0 free the slot [ 5632.450206] nfs4_free_slot: slotid 0 highest_used_slotid 4294967295 [ 5632.451060] NFS: nfs_update_inode(0:50/33681408 fh_crc=0xd3a763c6 ct=2 info=0x427e7f) [ 5632.451966] NFS: (0:50/33681408) revalidation complete [ 5632.452663] NFS: nfs_weak_revalidate: inode 33681408 is valid [ 5632.453284] NFS: permission(0:50/33681408), mask=0x24, res=0 [ 5632.454370] NFS: open dir(/) [ 5632.454787] NFS: readdir(/) starting at cookie 0 [ 5632.455619] NFS: nfs_do_filldir() filling ended @ cookie 512 [ 5632.456475] NFS: readdir(/) returns 0 [ 5632.457038] NFS: permission(0:50/33681408), mask=0x81, res=0 [ 5632.457862] NFS: revalidating (0:50/1677168) [ 5632.458536] --> nfs41_call_sync_prepare data->seq_server 000000001a362fd8 [ 5632.459514] --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30 [ 5632.460527] <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0 [ 5632.461465] encode_sequence: sessionid=1727263639:3068450331:1:0 seqid=5 slotid=0 max_slotid=0 cache_this=0 [ 5632.462847] RPC: xs_tcp_send_request(184) = 0 I’m at the point where I’m considering that this might be a bug. Hugs, Christian -- Christian Theune · ct(a)flyingcircus.io · +49 345 219401 0 Flying Circus Internet Operations GmbH · https://flyingcircus.io Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick

11 months, 2 weeks

2
3
0 0

[PATCH] r8169: Potential divizion by zero in rtl_set_coalesce()

by George Rurikov

Variable 'scale', whose possible value set allows a zero value in a check at r8169_main.c:2014, is used as a denominator at r8169_main.c:2040 and r8169_main.c:2042. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 2815b30535a0 ("r8169: merge scale for tx and rx irq coalescing") Cc: stable(a)vger.kernel.org Signed-off-by: George Rurikov <g.ryurikov(a)securitycode.ru> --- drivers/net/ethernet/realtek/r8169_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 45ac8befba29..b97e68cfcfad 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -2011,7 +2011,7 @@ static int rtl_set_coalesce(struct net_device *dev, coal_usec_max = max(ec->rx_coalesce_usecs, ec->tx_coalesce_usecs); scale = rtl_coalesce_choose_scale(tp, coal_usec_max, &cp01); - if (scale < 0) + if (scale <= 0) return scale; /* Accept max_frames=1 we returned in rtl_get_coalesce. Accept it -- 2.34.1 Заявление о конфиденциальности Данное электронное письмо и любые приложения к нему являются конфиденциальными и предназначены исключительно для адресата. Если Вы не являетесь адресатом данного письма, пожалуйста, уведомите немедленно отправителя, не раскрывайте содержание другим лицам, не используйте его в каких-либо целях, не храните и не копируйте информацию любым способом.

11 months, 2 weeks

2
1
0 0

[PATCH 5.10.y 5.15.y] gpiolib: cdev: Ignore reconfiguration without direction

by Kent Gibson

[ Upstream commit b440396387418fe2feaacd41ca16080e7a8bc9ad ] linereq_set_config() behaves badly when direction is not set. The configuration validation is borrowed from linereq_create(), where, to verify the intent of the user, the direction must be set to in order to effect a change to the electrical configuration of a line. But, when applied to reconfiguration, that validation does not allow for the unset direction case, making it possible to clear flags set previously without specifying the line direction. Adding to the inconsistency, those changes are not immediately applied by linereq_set_config(), but will take effect when the line value is next get or set. For example, by requesting a configuration with no flags set, an output line with GPIO_V2_LINE_FLAG_ACTIVE_LOW and GPIO_V2_LINE_FLAG_OPEN_DRAIN set could have those flags cleared, inverting the sense of the line and changing the line drive to push-pull on the next line value set. Skip the reconfiguration of lines for which the direction is not set, and only reconfigure the lines for which direction is set. Fixes: a54756cb24ea ("gpiolib: cdev: support GPIO_V2_LINE_SET_CONFIG_IOCTL") Signed-off-by: Kent Gibson <warthog618(a)gmail.com> Link: https://lore.kernel.org/r/20240626052925.174272-3-warthog618@gmail.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- drivers/gpio/gpiolib-cdev.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index c2f9d95d1086..fe0926ce0068 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1186,15 +1186,18 @@ static long linereq_set_config_unlocked(struct linereq *lr, for (i = 0; i < lr->num_lines; i++) { desc = lr->lines[i].desc; flags = gpio_v2_line_config_flags(lc, i); + /* + * Lines not explicitly reconfigured as input or output + * are left unchanged. + */ + if (!(flags & GPIO_V2_LINE_DIRECTION_FLAGS)) + continue; + polarity_change = (!!test_bit(FLAG_ACTIVE_LOW, &desc->flags) != ((flags & GPIO_V2_LINE_FLAG_ACTIVE_LOW) != 0)); gpio_v2_line_config_flags_to_desc_flags(flags, &desc->flags); - /* - * Lines have to be requested explicitly for input - * or output, else the line will be treated "as is". - */ if (flags & GPIO_V2_LINE_FLAG_OUTPUT) { int val = gpio_v2_line_config_output_value(lc, i); @@ -1202,7 +1205,7 @@ static long linereq_set_config_unlocked(struct linereq *lr, ret = gpiod_direction_output(desc, val); if (ret) return ret; - } else if (flags & GPIO_V2_LINE_FLAG_INPUT) { + } else { ret = gpiod_direction_input(desc); if (ret) return ret; -- 2.39.5

11 months, 2 weeks

1
0
0 0

[PATCH 6.1.y 6.6.y] gpiolib: cdev: Ignore reconfiguration without direction

by Kent Gibson

[ Upstream commit b440396387418fe2feaacd41ca16080e7a8bc9ad ] linereq_set_config() behaves badly when direction is not set. The configuration validation is borrowed from linereq_create(), where, to verify the intent of the user, the direction must be set to in order to effect a change to the electrical configuration of a line. But, when applied to reconfiguration, that validation does not allow for the unset direction case, making it possible to clear flags set previously without specifying the line direction. Adding to the inconsistency, those changes are not immediately applied by linereq_set_config(), but will take effect when the line value is next get or set. For example, by requesting a configuration with no flags set, an output line with GPIO_V2_LINE_FLAG_ACTIVE_LOW and GPIO_V2_LINE_FLAG_OPEN_DRAIN set could have those flags cleared, inverting the sense of the line and changing the line drive to push-pull on the next line value set. Skip the reconfiguration of lines for which the direction is not set, and only reconfigure the lines for which direction is set. Fixes: a54756cb24ea ("gpiolib: cdev: support GPIO_V2_LINE_SET_CONFIG_IOCTL") Signed-off-by: Kent Gibson <warthog618(a)gmail.com> Link: https://lore.kernel.org/r/20240626052925.174272-3-warthog618@gmail.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- drivers/gpio/gpiolib-cdev.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c index d526a4c91e82..545998e9f6ad 100644 --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1565,12 +1565,14 @@ static long linereq_set_config_unlocked(struct linereq *lr, line = &lr->lines[i]; desc = lr->lines[i].desc; flags = gpio_v2_line_config_flags(lc, i); - gpio_v2_line_config_flags_to_desc_flags(flags, &desc->flags); - edflags = flags & GPIO_V2_LINE_EDGE_DETECTOR_FLAGS; /* - * Lines have to be requested explicitly for input - * or output, else the line will be treated "as is". + * Lines not explicitly reconfigured as input or output + * are left unchanged. */ + if (!(flags & GPIO_V2_LINE_DIRECTION_FLAGS)) + continue; + gpio_v2_line_config_flags_to_desc_flags(flags, &desc->flags); + edflags = flags & GPIO_V2_LINE_EDGE_DETECTOR_FLAGS; if (flags & GPIO_V2_LINE_FLAG_OUTPUT) { int val = gpio_v2_line_config_output_value(lc, i); @@ -1578,7 +1580,7 @@ static long linereq_set_config_unlocked(struct linereq *lr, ret = gpiod_direction_output(desc, val); if (ret) return ret; - } else if (flags & GPIO_V2_LINE_FLAG_INPUT) { + } else { ret = gpiod_direction_input(desc); if (ret) return ret; -- 2.39.5

11 months, 2 weeks

1
0
0 0

[PATCH -next 0/2] Fix memory leaks for kobject

by Gaosheng Cui

Fix two memory leaks for kobject name, thanks! Gaosheng Cui (2): kobject: fix memory leak in kset_register() due to uninitialized kset->kobj.ktype kobject: fix memory leak when kobject_add_varg() returns error lib/kobject.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) -- 2.25.1

11 months, 2 weeks

3
6
0 0

[PATCH v9 1/3] ufs: core: fix the issue of ICU failure

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> When setting the ICU bit without using read-modify-write, SQRTCy will restart SQ again and receive an RTC return error code 2 (Failure - SQ not stopped). Additionally, the error log has been modified so that this type of error can be observed. Fixes: ab248643d3d6 ("scsi: ufs: core: Add error handling for MCQ mode") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bao D. Nguyen <quic_nguyenb(a)quicinc.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/ufs/core/ufs-mcq.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index 5891cdacd0b3..3903947dbed1 100644 --- a/drivers/ufs/core/ufs-mcq.c +++ b/drivers/ufs/core/ufs-mcq.c @@ -539,7 +539,7 @@ int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag) struct scsi_cmnd *cmd = lrbp->cmd; struct ufs_hw_queue *hwq; void __iomem *reg, *opr_sqd_base; - u32 nexus, id, val; + u32 nexus, id, val, rtc; int err; if (hba->quirks & UFSHCD_QUIRK_MCQ_BROKEN_RTC) @@ -569,17 +569,18 @@ int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag) opr_sqd_base = mcq_opr_base(hba, OPR_SQD, id); writel(nexus, opr_sqd_base + REG_SQCTI); - /* SQRTCy.ICU = 1 */ - writel(SQ_ICU, opr_sqd_base + REG_SQRTC); + /* Initiate Cleanup */ + writel(readl(opr_sqd_base + REG_SQRTC) | SQ_ICU, + opr_sqd_base + REG_SQRTC); /* Poll SQRTSy.CUS = 1. Return result from SQRTSy.RTC */ reg = opr_sqd_base + REG_SQRTS; err = read_poll_timeout(readl, val, val & SQ_CUS, 20, MCQ_POLL_US, false, reg); - if (err) - dev_err(hba->dev, "%s: failed. hwq=%d, tag=%d err=%ld\n", - __func__, id, task_tag, - FIELD_GET(SQ_ICU_ERR_CODE_MASK, readl(reg))); + rtc = FIELD_GET(SQ_ICU_ERR_CODE_MASK, readl(reg)); + if (err || rtc) + dev_err(hba->dev, "%s: failed. hwq=%d, tag=%d err=%d RTC=%d\n", + __func__, id, task_tag, err, rtc); if (ufshcd_mcq_sq_start(hba, hwq)) err = -ETIMEDOUT; -- 2.45.2

11 months, 2 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2024