From 9d4d855d1f1df2b80df54891b9076d4b985a9663 Mon Sep 17 00:00:00 2001
From: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Date: Mar 23 2020 15:21:20 +0000
Subject: nfs-ganesha 3.2-2, compound-op-fails SEGV


Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>

---

diff --git a/SOURCES/0002-Fix-seg-fault-when-NFSv4-compound-op-fails-for-regul.patch b/SOURCES/0002-Fix-seg-fault-when-NFSv4-compound-op-fails-for-regul.patch
new file mode 100644
index 0000000..cd90b51
--- /dev/null
+++ b/SOURCES/0002-Fix-seg-fault-when-NFSv4-compound-op-fails-for-regul.patch
@@ -0,0 +1,91 @@
+From bbc92214b5b104550bb1bad6865ad4bf461ef935 Mon Sep 17 00:00:00 2001
+From: "ashish.sangwan" <ashishsangwan2@gmail.com>
+Date: Tue, 21 Jan 2020 02:55:02 -0800
+Subject: [PATCH] Fix seg fault when NFSv4 compound op fails for regular files.
+
+We are hitting this seg-fault on our system:
+3  0x00007f2837583f2d in mdcache_handle_to_key (obj_hdl=0x7f281f01a638, fh_desc=0x7f281def8b70) at /usr/src/debug/nfs-ganesha-2.8.3/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_handle.c:1377
+4  0x00007f28374dea77 in state_obj_value_hash_func (hparam=0x7f2831838000, key=0x7f281defb500) at /usr/src/debug/nfs-ganesha-2.8.3/SAL/nfs4_state_id.c:369
+5  0x00007f28374a2f51 in compute (ht=0x7f2831838000, key=0x7f281defb500, index=0x7f281defac54, rbt_hash=0x7f281defac40) at /usr/src/debug/nfs-ganesha-2.8.3/hashtable/hashtable.c:253
+6  0x00007f28374a39b0 in hashtable_getlatch (ht=0x7f2831838000, key=0x7f281defb500, val=0x7f281defb4e0, may_write=true, latch=0x7f281defb4c0) at /usr/src/debug/nfs-ganesha-2.8.3/hashtable/hashtable.c:490
+7  0x00007f28374df971 in nfs4_State_Del (state=0x7f281f04b480) at /usr/src/debug/nfs-ganesha-2.8.3/SAL/nfs4_state_id.c:759
+8  0x00007f28374d9363 in _state_del_locked (state=0x7f281f04b480, func=0x7f28375d7ee0 <__func__.20139> "state_nfs4_state_wipe", line=669) at /usr/src/debug/nfs-ganesha-2.8.3/SAL/nfs4_state.c:351
+9  0x00007f28374db4ac in state_nfs4_state_wipe (ostate=0x7f281f01a890) at /usr/src/debug/nfs-ganesha-2.8.3/SAL/nfs4_state.c:669
+10 0x00007f28374cf045 in state_wipe_file (obj=0x7f281f01a638) at /usr/src/debug/nfs-ganesha-2.8.3/SAL/state_misc.c:1323
+11 0x00007f28375a247c in _mdcache_lru_unref (entry=0x7f281f01a600, flags=0, func=0x7f28375fb8ef <__func__.23337> "mdcache_put", line=199) at /usr/src/debug/nfs-ganesha-2.8.3/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_lru.c:2017
+12 0x00007f283757f363 in mdcache_put (entry=0x7f281f01a600) at /usr/src/debug/nfs-ganesha-2.8.3/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_lru.h:199
+13 0x00007f28375842e0 in mdcache_put_ref (obj_hdl=0x7f281f01a638) at /usr/src/debug/nfs-ganesha-2.8.3/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_handle.c:1540
+14 0x00007f283752e6cc in set_current_entry (data=0x7f2818c4e300, obj=0x0) at /usr/src/debug/nfs-ganesha-2.8.3/include/nfs_proto_data.h:392
+15 0x00007f2837530838 in compound_data_Free (data=0x7f2818c4e300) at /usr/src/debug/nfs-ganesha-2.8.3/Protocols/NFS/nfs4_Compound.c:1451
+16 0x00007f2837530584 in nfs4_Compound (arg=0x7f2818c23028, req=0x7f2818c22800, res=0x7f2818c4e1c0) at /usr/src/debug/nfs-ganesha-2.8.3/Protocols/NFS/nfs4_Compound.c:1362
+17 0x00007f28374576c2 in nfs_rpc_process_request (reqdata=0x7f2818c22800) at /usr/src/debug/nfs-ganesha-2.8.3/MainNFSD/nfs_worker_thread.c:1986
+
+(gdb) f 3
+1377		subcall(
+(gdb) p op_ctx->ctx_export
+$2 = (struct gsh_export *) 0x0
+(gdb) f 11
+2017				state_wipe_file(&entry->obj_handle);
+(gdb) p entry->lru
+$1 = {q = {next = 0x7f2837854aa0 <LRU+3424>, prev = 0x7f2837854aa0 <LRU+3424>}, qid = LRU_ENTRY_CLEANUP, refcnt = 2, flags = 3, lane = 15, cf = 0}
+
+The current compound op being executed is setattr which fails with ERR_FSAL_STALE because the file is deleted.
+When we get ERR_FSAL_STALE in setattr we call mdcache_kill_entry which moves the mdcache entry to cleanup lane
+and when we try to delete the state as part of cleanup, we hit this crash.
+All the ops which are calling mdcache_kill_entry on receiving error for regular files could hit this crash.
+We should not reset ctx_export until the compond data is freed.
+
+Signed-off-by: ashish.sangwan <ashishsangwan2@gmail.com>
+Change-Id: I3859e6e4599233c67d7640711e05cc5ab8647a3e
+---
+ src/Protocols/NFS/nfs4_Compound.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/src/Protocols/NFS/nfs4_Compound.c b/src/Protocols/NFS/nfs4_Compound.c
+index 42fd55009..64186642c 100644
+--- a/src/Protocols/NFS/nfs4_Compound.c
++++ b/src/Protocols/NFS/nfs4_Compound.c
+@@ -1052,12 +1052,6 @@ void complete_nfs4_compound(compound_data_t *data, int status,
+ 		LogDebug(COMPONENT_NFS_V4, "End status = %s lastindex = %d",
+ 			 nfsstat4_to_str(status), data->oppos);
+ 
+-	/* release current active export in op_ctx. */
+-	if (op_ctx->ctx_export) {
+-		put_gsh_export(op_ctx->ctx_export);
+-		op_ctx->ctx_export = NULL;
+-		op_ctx->fsal_export = NULL;
+-	}
+ }
+ 
+ static enum xprt_stat nfs4_compound_resume(struct svc_req *req)
+@@ -1106,6 +1100,13 @@ static enum xprt_stat nfs4_compound_resume(struct svc_req *req)
+ 	complete_nfs4_compound(data, status, result);
+ 
+ 	compound_data_Free(data);
++	/* release current active export in op_ctx. */
++	if (op_ctx->ctx_export) {
++		put_gsh_export(op_ctx->ctx_export);
++		op_ctx->ctx_export = NULL;
++		op_ctx->fsal_export = NULL;
++	}
++
+ 
+ 	nfs_rpc_complete_async_request(reqdata, NFS_REQ_OK);
+ 
+@@ -1342,6 +1343,13 @@ out:
+ 
+ 	compound_data_Free(data);
+ 
++	/* release current active export in op_ctx. */
++	if (op_ctx->ctx_export) {
++		put_gsh_export(op_ctx->ctx_export);
++		op_ctx->ctx_export = NULL;
++		op_ctx->fsal_export = NULL;
++	}
++
+ 	return drop ? NFS_REQ_DROP : NFS_REQ_OK;
+ }				/* nfs4_Compound */
+ 
+-- 
+2.24.1
+
diff --git a/SPECS/nfs-ganesha.spec b/SPECS/nfs-ganesha.spec
index c6bb4f4..c4b592b 100644
--- a/SPECS/nfs-ganesha.spec
+++ b/SPECS/nfs-ganesha.spec
@@ -130,12 +130,13 @@ Requires: openSUSE-release
 
 Name:		nfs-ganesha
 Version:	3.2
-Release:	1%{?dev:%{dev}}%{?dist}
+Release:	2%{?dev:%{dev}}%{?dist}
 Summary:	NFS-Ganesha is a NFS Server running in user space
 License:	LGPLv3+
 Url:		https://github.com/nfs-ganesha/nfs-ganesha/wiki
 
 Source0:	https://github.com/%{name}/%{name}/archive/V%{version}%{?dev:-%{dev}}/%{name}-%{version}%{?dev:-%{dev}}.tar.gz
+Patch0002:	0002-Fix-seg-fault-when-NFSv4-compound-op-fails-for-regul.patch
 
 BuildRequires:	cmake
 BuildRequires:	bison
@@ -891,6 +892,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Mar 23 2020 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 3.2-2
+- NFS-Ganesha 3.2, NFSv4-compound-op-fails SEGV
+
 * Thu Feb 20 2020 Kaleb S. KEITHLEY <kkeithle at redhat.com>
 - NFS-Ganesha 3.2, /var/log/ganesha