In the Linux kernel, the following vulnerability has been resolved:
nfs_common: must not hold RCU while calling nfsd_file_put_local
Move holding the RCU from nfs_to_nfsd_file_put_local to nfs_to_nfsd_net_put. It is the call to nfs_to->nfsd_serv_put that requires the RCU anyway (the puts for nfsd_file and netns were combined to avoid an extra indirect reference but that micro-optimization isn't possible now).
This fixes xfstests generic/013 and its triggering:
"Voluntary context switch within RCU read-side critical section!"
[ 143.545738] Call Trace:
[ 143.546206] <TASK>
[ 143.546625] ? show_regs+0x6d/0x80
[ 143.547267] ? __warn+0x91/0x140
[ 143.547951] ? rcu_note_context_switch+0x496/0x5d0
[ 143.548856] ? report_bug+0x193/0x1a0
[ 143.549557] ? handle_bug+0x63/0xa0
[ 143.550214] ? exc_invalid_op+0x1d/0x80
[ 143.550938] ? asm_exc_invalid_op+0x1f/0x30
[ 143.551736] ? rcu_note_context_switch+0x496/0x5d0
[ 143.552634] ? wakeup_preempt+0x62/0x70
[ 143.553358] __schedule+0xaa/0x1380
[ 143.554025] ? _raw_spin_unlock_irqrestore+0x12/0x40
[ 143.554958] ? try_to_wake_up+0x1fe/0x6b0
[ 143.555715] ? wake_up_process+0x19/0x20
[ 143.556452] schedule+0x2e/0x120
[ 143.557066] schedule_preempt_disabled+0x19/0x30
[ 143.557933] rwsem_down_read_slowpath+0x24d/0x4a0
[ 143.558818] ? xfs_efi_item_format+0x50/0xc0 [xfs]
[ 143.559894] down_read+0x4e/0xb0
[ 143.560519] xlog_cil_commit+0x1b2/0xbc0 [xfs]
[ 143.561460] ? _raw_spin_unlock+0x12/0x30
[ 143.562212] ? xfs_inode_item_precommit+0xc7/0x220 [xfs]
[ 143.563309] ? xfs_trans_run_precommits+0x69/0xd0 [xfs]
[ 143.564394] __xfs_trans_commit+0xb5/0x330 [xfs]
[ 143.565367] xfs_trans_roll+0x48/0xc0 [xfs]
[ 143.566262] xfs_defer_trans_roll+0x57/0x100 [xfs]
[ 143.567278] xfs_defer_finish_noroll+0x27a/0x490 [xfs]
[ 143.568342] xfs_defer_finish+0x1a/0x80 [xfs]
[ 143.569267] xfs_bunmapi_range+0x4d/0xb0 [xfs]
[ 143.570208] xfs_itruncate_extents_flags+0x13d/0x230 [xfs]
[ 143.571353] xfs_free_eofblocks+0x12e/0x190 [xfs]
[ 143.572359] xfs_file_release+0x12d/0x140 [xfs]
[ 143.573324] __fput+0xe8/0x2d0
[ 143.573922] __fput_sync+0x1d/0x30
[ 143.574574] nfsd_filp_close+0x33/0x60 [nfsd]
[ 143.575430] nfsd_file_free+0x96/0x150 [nfsd]
[ 143.576274] nfsd_file_put+0xf7/0x1a0 [nfsd]
[ 143.577104] nfsd_file_put_local+0x18/0x30 [nfsd]
[ 143.578070] nfs_close_local_fh+0x101/0x110 [nfs_localio]
[ 143.579079] __put_nfs_open_context+0xc9/0x180 [nfs]
[ 143.580031] nfs_file_clear_open_context+0x4a/0x60 [nfs]
[ 143.581038] nfs_file_release+0x3e/0x60 [nfs]
[ 143.581879] __fput+0xe8/0x2d0
[ 143.582464] __fput_sync+0x1d/0x30
[ 143.583108] __x64_sys_close+0x41/0x80
[ 143.583823] x64_sys_call+0x189a/0x20d0
[ 143.584552] do_syscall_64+0x64/0x170
[ 143.585240] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 143.586185] RIP: 0033:0x7f3c5153efd7
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56743.json"
}