From 58f571c92c3ecfa17ed80859f80f94aa21093be4 Mon Sep 17 00:00:00 2001
From: Bastian Blank <waldi@debian.org>
Date: Tue, 28 Feb 2012 13:24:31 +0000
Subject: [PATCH] NFSv4: Fix an Oops in the NFSv4 getacl code.

* debian/changelog: Uodate.
* debian/patches: Add patch.

svn path=/dists/sid/linux-2.6/; revision=18750
---
 debian/changelog                              |  1 +
 ...Fix-an-Oops-in-the-NFSv4-getacl-code.patch | 96 +++++++++++++++++++
 debian/patches/series/base                    |  1 +
 3 files changed, 98 insertions(+)
 create mode 100644 debian/patches/bugfix/all/nfsv4-Fix-an-Oops-in-the-NFSv4-getacl-code.patch

diff --git a/debian/changelog b/debian/changelog
index b62bf097d..dd235e377 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -38,6 +38,7 @@ linux-2.6 (3.2.7-1) UNRELEASED; urgency=low
   * [alpha,hppa] Don't built-in ext2.
   * Remove IDE trigger for LED support.
   * Remove all framebuffer bootup logos.
+  * NFSv4: Fix an Oops in the NFSv4 getacl code.
 
  -- Ben Hutchings <ben@decadent.org.uk>  Fri, 17 Feb 2012 03:29:39 +0000
 
diff --git a/debian/patches/bugfix/all/nfsv4-Fix-an-Oops-in-the-NFSv4-getacl-code.patch b/debian/patches/bugfix/all/nfsv4-Fix-an-Oops-in-the-NFSv4-getacl-code.patch
new file mode 100644
index 000000000..7e038193d
--- /dev/null
+++ b/debian/patches/bugfix/all/nfsv4-Fix-an-Oops-in-the-NFSv4-getacl-code.patch
@@ -0,0 +1,96 @@
+From 331818f1c468a24e581aedcbe52af799366a9dfe Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Fri, 3 Feb 2012 18:30:53 -0500
+Subject: [PATCH] NFSv4: Fix an Oops in the NFSv4 getacl code
+
+Commit bf118a342f10dafe44b14451a1392c3254629a1f (NFSv4: include bitmap
+in nfsv4 get acl data) introduces the 'acl_scratch' page for the case
+where we may need to decode multi-page data. However it fails to take
+into account the fact that the variable may be NULL (for the case where
+we're not doing multi-page decode), and it also attaches it to the
+encoding xdr_stream rather than the decoding one.
+
+The immediate result is an Oops in nfs4_xdr_enc_getacl due to the
+call to page_address() with a NULL page pointer.
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Cc: Andy Adamson <andros@netapp.com>
+Cc: stable@vger.kernel.org
+---
+ fs/nfs/nfs4proc.c       |    8 ++++----
+ fs/nfs/nfs4xdr.c        |    5 ++++-
+ include/linux/nfs_xdr.h |    2 +-
+ 3 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index f0c849c..d202e04 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -3575,8 +3575,8 @@ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t bu
+ 	}
+ 	if (npages > 1) {
+ 		/* for decoding across pages */
+-		args.acl_scratch = alloc_page(GFP_KERNEL);
+-		if (!args.acl_scratch)
++		res.acl_scratch = alloc_page(GFP_KERNEL);
++		if (!res.acl_scratch)
+ 			goto out_free;
+ 	}
+ 	args.acl_len = npages * PAGE_SIZE;
+@@ -3612,8 +3612,8 @@ out_free:
+ 	for (i = 0; i < npages; i++)
+ 		if (pages[i])
+ 			__free_page(pages[i]);
+-	if (args.acl_scratch)
+-		__free_page(args.acl_scratch);
++	if (res.acl_scratch)
++		__free_page(res.acl_scratch);
+ 	return ret;
+ }
+ 
+diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
+index 95e92e4..33bd8d0 100644
+--- a/fs/nfs/nfs4xdr.c
++++ b/fs/nfs/nfs4xdr.c
+@@ -2522,7 +2522,6 @@ static void nfs4_xdr_enc_getacl(struct rpc_rqst *req, struct xdr_stream *xdr,
+ 
+ 	xdr_inline_pages(&req->rq_rcv_buf, replen << 2,
+ 		args->acl_pages, args->acl_pgbase, args->acl_len);
+-	xdr_set_scratch_buffer(xdr, page_address(args->acl_scratch), PAGE_SIZE);
+ 
+ 	encode_nops(&hdr);
+ }
+@@ -6032,6 +6031,10 @@ nfs4_xdr_dec_getacl(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
+ 	struct compound_hdr hdr;
+ 	int status;
+ 
++	if (res->acl_scratch != NULL) {
++		void *p = page_address(res->acl_scratch);
++		xdr_set_scratch_buffer(xdr, p, PAGE_SIZE);
++	}
+ 	status = decode_compound_hdr(xdr, &hdr);
+ 	if (status)
+ 		goto out;
+diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h
+index a764cef..d6ba9a1 100644
+--- a/include/linux/nfs_xdr.h
++++ b/include/linux/nfs_xdr.h
+@@ -614,7 +614,6 @@ struct nfs_getaclargs {
+ 	size_t				acl_len;
+ 	unsigned int			acl_pgbase;
+ 	struct page **			acl_pages;
+-	struct page *			acl_scratch;
+ 	struct nfs4_sequence_args 	seq_args;
+ };
+ 
+@@ -624,6 +623,7 @@ struct nfs_getaclres {
+ 	size_t				acl_len;
+ 	size_t				acl_data_offset;
+ 	int				acl_flags;
++	struct page *			acl_scratch;
+ 	struct nfs4_sequence_res	seq_res;
+ };
+ 
+-- 
+1.7.9
+
diff --git a/debian/patches/series/base b/debian/patches/series/base
index 63730c61c..31536d2c6 100644
--- a/debian/patches/series/base
+++ b/debian/patches/series/base
@@ -81,3 +81,4 @@
 + bugfix/x86/drm-i915-do-not-enable-RC6p-on-Sandy-Bridge.patch
 + bugfix/x86/drm-i915-fix-operator-precedence-when-enabling-RC6p.patch
 + bugfix/all/ipsec-be-careful-of-non-existing-mac-headers.patch
++ bugfix/all/nfsv4-Fix-an-Oops-in-the-NFSv4-getacl-code.patch