!92 [sync] PR-91: backport bugfix patch from community

From: @openeuler-sync-bot 
Reviewed-by: @swf504 
Signed-off-by: @swf504

0008-svcgssd-Fix-use-after-free-bug-config-variables.patch

@@ -0,0 +1,41 @@
+From 2eabb25d5a43e48e769a0db29956e9f5dc5b5913 Mon Sep 17 00:00:00 2001
+From: Marcel Ritter <marcel@linux-ng.de>
+Date: Tue, 21 Jun 2022 09:19:17 -0400
+Subject: [PATCH] svcgssd: Fix use-after-free bug (config variables)
+
+This patch fixes a bug when trying to set "principal" in /etc/nfs.conf.
+Memory gets freed by conf_cleanup() before being used - moving cleanup
+code resolves that.
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/gssd/svcgssd.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
+index 881207b3..a242b789 100644
+--- a/utils/gssd/svcgssd.c
++++ b/utils/gssd/svcgssd.c
+@@ -211,9 +211,6 @@ main(int argc, char *argv[])
+ 	rpc_verbosity = conf_get_num("svcgssd", "RPC-Verbosity", rpc_verbosity);
+ 	idmap_verbosity = conf_get_num("svcgssd", "IDMAP-Verbosity", idmap_verbosity);
+ 
+-	/* We don't need the config anymore */
+-	conf_cleanup();
+-
+ 	while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
+ 		switch (opt) {
+ 			case 'f':
+@@ -328,6 +325,9 @@ main(int argc, char *argv[])
+ 
+ 	daemon_ready();
+ 
++	/* We don't need the config anymore */
++	conf_cleanup();
++
+ 	nfs4_init_name_mapping(NULL); /* XXX: should only do this once */
+ 
+ 	rc = event_base_dispatch(evbase);
+-- 
+2.33.0
+

0009-rpc-pipefs-generator-allocate-enough-space-for-pipef.patch

@@ -0,0 +1,33 @@
+From 40c5af17e76322bb1d030eee5dc7837946c90c08 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Thu, 21 Jul 2022 15:11:17 -0400
+Subject: [PATCH] rpc-pipefs-generator: allocate enough space for
+ pipefs-directory buffer
+
+Commit 7f8463fe fixed a warning but introduce
+a regression by not allocating enough space
+for the pipefs-directory buffer when it is
+not the default.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2106896
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ systemd/rpc-pipefs-generator.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/systemd/rpc-pipefs-generator.c b/systemd/rpc-pipefs-generator.c
+index 801975c..060f59c 100644
+--- a/systemd/rpc-pipefs-generator.c
++++ b/systemd/rpc-pipefs-generator.c
+@@ -28,7 +28,7 @@ static int generate_mount_unit(const char *pipefs_path, const char *pipefs_unit,
+ {
+ 	char	*path;
+ 	FILE	*f;
+-	size_t size = (strlen(dirname) + 1 + strlen(pipefs_unit));
++	size_t size = (strlen(dirname) + 1 + strlen(pipefs_unit) + 1);
+ 	path = malloc(size);
+ 	if (!path)
+ 		return 1;
+-- 
+2.33.0
+

0010-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch

@@ -0,0 +1,83 @@
+From cdbef4e97a1cbc68cbaf16ba57d71858d2c69973 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton@kernel.org>
+Date: Tue, 10 Jan 2023 09:37:25 -0500
+Subject: [PATCH] nfs-utils: Don't allow junction tests to trigger automounts
+
+JianHong reported some strange behavior with automounts on an nfs server
+without an explicit pseudoroot. When clients issued a readdir in the
+pseudoroot, automounted directories that were not yet mounted would show
+up even if they weren't exported, though the clients wouldn't be able to
+do anything with them.
+
+The issue was that triggering the automount on a directory would cause
+the mountd upcall to time out, which would cause nfsd to include the
+automounted dentry in the readdir response. Eventually, the automount
+would work and report that it wasn't exported and subsequent attempts to
+access the dentry would (properly) fail.
+
+We never want mountd to trigger an automount. The kernel should do that
+if it wants to use it. Change the junction checks to do an O_PATH open
+and use fstatat with AT_NO_AUTOMOUNT.
+
+Cc: Chuck Lever <chuck.lever@oracle.com>
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=2148353
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=216777
+Reported-by: JianHong Yin <jiyin@redhat.com>
+Signed-off-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/junction/junction.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/support/junction/junction.c b/support/junction/junction.c
+index 41cce261..0628bb0f 100644
+--- a/support/junction/junction.c
++++ b/support/junction/junction.c
+@@ -63,7 +63,7 @@ junction_open_path(const char *pathname, int *fd)
+ 	if (pathname == NULL || fd == NULL)
+ 		return FEDFS_ERR_INVAL;
+ 
+-	tmp = open(pathname, O_DIRECTORY);
++	tmp = open(pathname, O_PATH|O_DIRECTORY);
+ 	if (tmp == -1) {
+ 		switch (errno) {
+ 		case EPERM:
+@@ -93,7 +93,7 @@ junction_is_directory(int fd, const char *path)
+ {
+ 	struct stat stb;
+ 
+-	if (fstat(fd, &stb) == -1) {
++	if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ 		xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ 				__func__, path);
+ 		return FEDFS_ERR_ACCESS;
+@@ -121,7 +121,7 @@ junction_is_sticky_bit_set(int fd, const char *path)
+ {
+ 	struct stat stb;
+ 
+-	if (fstat(fd, &stb) == -1) {
++	if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ 		xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ 				__func__, path);
+ 		return FEDFS_ERR_ACCESS;
+@@ -155,7 +155,7 @@ junction_set_sticky_bit(int fd, const char *path)
+ {
+ 	struct stat stb;
+ 
+-	if (fstat(fd, &stb) == -1) {
++	if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ 		xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ 			__func__, path);
+ 		return FEDFS_ERR_ACCESS;
+@@ -393,7 +393,7 @@ junction_get_mode(const char *pathname, mode_t *mode)
+ 	if (retval != FEDFS_OK)
+ 		return retval;
+ 
+-	if (fstat(fd, &stb) == -1) {
++	if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ 		xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ 			__func__, pathname);
+ 		(void)close(fd);
+-- 
+2.33.0
+

0011-Covscan-Scan-Wrong-Check-of-Return-Value.patch

@@ -0,0 +1,28 @@
+From 631c6aa34aae7328dc297210fd2de2d5364c697f Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Wed, 4 Jan 2023 12:04:09 -0500
+Subject: [PATCH] Covscan Scan: Wrong Check of Return Value
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2151966
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/export/client.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/support/export/client.c b/support/export/client.c
+index ea4f89d3..79164fef 100644
+--- a/support/export/client.c
++++ b/support/export/client.c
+@@ -699,6 +699,9 @@ check_netgroup(const nfs_client *clp, const struct addrinfo *ai)
+ 
+ 	/* check whether the IP itself is in the netgroup */
+ 	ip = calloc(INET6_ADDRSTRLEN, 1);
++	if (ip == NULL)
++		goto out;
++
+ 	if (inet_ntop(ai->ai_family, &(((struct sockaddr_in *)ai->ai_addr)->sin_addr), ip, INET6_ADDRSTRLEN) == ip) {
+ 		if (innetgr(netgroup, ip, NULL, NULL)) {
+ 			free(hname);
+-- 
+2.33.0
+

0012-rpcdebug-avoid-buffer-underflow-if-read-returns-0.patch

@@ -0,0 +1,29 @@
+From a746c35822e557766d1871ec976490a71e6962d9 Mon Sep 17 00:00:00 2001
+From: Zhi Li <yieli@redhat.com>
+Date: Wed, 5 Apr 2023 12:08:10 -0400
+Subject: [PATCH] rpcdebug: avoid buffer underflow if read() returns 0
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2176740
+
+Signed-off-by: Zhi Li <yieli@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ tools/rpcdebug/rpcdebug.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/rpcdebug/rpcdebug.c b/tools/rpcdebug/rpcdebug.c
+index 68206cc5..ec05179e 100644
+--- a/tools/rpcdebug/rpcdebug.c
++++ b/tools/rpcdebug/rpcdebug.c
+@@ -257,7 +257,7 @@ get_flags(char *module)
+ 		perror(filename);
+ 		exit(1);
+ 	}
+-	if ((len = read(sysfd, buffer, sizeof(buffer))) < 0) {
++	if ((len = read(sysfd, buffer, sizeof(buffer))) <= 0) {
+ 		perror("read");
+ 		exit(1);
+ 	}
+-- 
+2.33.0
+

0013-export-Fix-rootdir-corner-case-in-next_mnt.patch

@@ -0,0 +1,58 @@
+From c0bf5895173972a0b86633c7d61d0de46798bbe1 Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Wed, 5 Apr 2023 12:16:24 -0400
+Subject: [PATCH] export: Fix rootdir corner case in next_mnt()
+
+Currently the following setup causes failure:
+1. /etc/exports:
+/ *(rw,crossmnt,no_subtree_check,fsid=root)
+
+2. /etc/nfs.conf:
+[exports]
+ rootdir=/nfs_srv
+
+3. Mounts:
+/root/fs1.ext4 on /nfs_srv type ext4 (rw,relatime)
+/root/fs2.ext4 on /nfs_srv/fs2 type ext4 (rw,relatime)
+
+4. On the client:
+$ ls /nfs_client/fs2
+ls: cannot open directory '/nfs_client/fs2': Stale file handle
+
+The problem is that next_mnt() misses the corner case that
+every mount is a sub-mount of "/".
+So it fails to see that /nfs_srv/fs2 is a mountpoint when the
+client asks for fs2 it and as consequence the crossmnt mechanism
+fails.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/export/cache.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/support/export/cache.c b/support/export/cache.c
+index 2497d4f4..1c526277 100644
+--- a/support/export/cache.c
++++ b/support/export/cache.c
+@@ -410,12 +410,16 @@ static char *next_mnt(void **v, char *p)
+ 		*v = f;
+ 	} else
+ 		f = *v;
+-	while ((me = getmntent(f)) != NULL && l > 1) {
++	while ((me = getmntent(f)) != NULL && l >= 1) {
+ 		char *mnt_dir = nfsd_path_strip_root(me->mnt_dir);
+ 
+ 		if (!mnt_dir)
+ 			continue;
+ 
++		/* Everything below "/" is a proper sub-mount */
++		if (strcmp(p, "/") == 0)
++			return mnt_dir;
++
+ 		if (strncmp(mnt_dir, p, l) == 0 && mnt_dir[l] == '/')
+ 			return mnt_dir;
+ 	}
+-- 
+2.33.0
+

0014-Move-version.h-into-a-common-include-directory.patch

@@ -0,0 +1,64 @@
+From 47e6d7667cd7cd82c9033a3176afbdd2341065b0 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Wed, 22 Sep 2021 11:29:34 -0400
+Subject: [PATCH] Move version.h into a common include directory
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/include/version.h | 1 +
+ utils/gssd/svcgssd_krb5.c | 2 +-
+ utils/nfsd/nfssvc.c       | 2 +-
+ utils/nfsdcld/nfsdcld.c   | 2 +-
+ 4 files changed, 4 insertions(+), 3 deletions(-)
+ create mode 120000 support/include/version.h
+
+diff --git a/support/include/version.h b/support/include/version.h
+new file mode 120000
+index 00000000..b7db0bbb
+--- /dev/null
++++ b/support/include/version.h
+@@ -0,0 +1 @@
++../../utils/mount/version.h
+\ No newline at end of file
+diff --git a/utils/gssd/svcgssd_krb5.c b/utils/gssd/svcgssd_krb5.c
+index 305d4751..2503c384 100644
+--- a/utils/gssd/svcgssd_krb5.c
++++ b/utils/gssd/svcgssd_krb5.c
+@@ -46,7 +46,7 @@
+ #include "gss_oids.h"
+ #include "err_util.h"
+ #include "svcgssd_krb5.h"
+-#include "../mount/version.h"
++#include "version.h"
+ 
+ #define MYBUFLEN 1024
+ 
+diff --git a/utils/nfsd/nfssvc.c b/utils/nfsd/nfssvc.c
+index 720bdd97..46452d97 100644
+--- a/utils/nfsd/nfssvc.c
++++ b/utils/nfsd/nfssvc.c
+@@ -25,7 +25,7 @@
+ #include "nfslib.h"
+ #include "xlog.h"
+ #include "nfssvc.h"
+-#include "../mount/version.h"
++#include "version.h"
+ 
+ #ifndef NFSD_FS_DIR
+ #define NFSD_FS_DIR	  "/proc/fs/nfsd"
+diff --git a/utils/nfsdcld/nfsdcld.c b/utils/nfsdcld/nfsdcld.c
+index 636c3983..dbc7a57f 100644
+--- a/utils/nfsdcld/nfsdcld.c
++++ b/utils/nfsdcld/nfsdcld.c
+@@ -45,7 +45,7 @@
+ #include "cld.h"
+ #include "cld-internal.h"
+ #include "sqlite.h"
+-#include "../mount/version.h"
++#include "version.h"
+ #include "conffile.h"
+ #include "legacy.h"
+ 
+-- 
+2.25.1
+

0015-mountd-only-do-NFSv4-logging-on-supported-kernels.patch

@@ -0,0 +1,35 @@
+From feb3dfc7127cf1337530ccb06ed90e818b026a07 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Wed, 22 Sep 2021 11:31:56 -0400
+Subject: [PATCH] mountd: only do NFSv4 logging on supported kernels.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1979816
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/export/v4clients.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/support/export/v4clients.c b/support/export/v4clients.c
+index dd985463..5e4f1058 100644
+--- a/support/export/v4clients.c
++++ b/support/export/v4clients.c
+@@ -10,6 +10,7 @@
+ #include <sys/inotify.h>
+ #include <errno.h>
+ #include "export.h"
++#include "version.h"
+ 
+ /* search.h declares 'struct entry' and nfs_prot.h
+  * does too.  Easiest fix is to trick search.h into
+@@ -23,6 +24,8 @@ static int clients_fd = -1;
+ 
+ void v4clients_init(void)
+ {
++	if (linux_version_code() < MAKE_VERSION(5, 3, 0))
++		return;
+ 	if (clients_fd >= 0)
+ 		return;
+ 	clients_fd = inotify_init1(IN_NONBLOCK);
+-- 
+2.25.1
+

0016-libnfsidmap-try-to-get-the-domain-directly-from-host.patch

@@ -0,0 +1,54 @@
+From 90a23f7c6343bcb1b69c93ceccc14cc06e14d958 Mon Sep 17 00:00:00 2001
+From: Aram Akhavan <github@aram.nubmail.ca>
+Date: Sat, 15 Jul 2023 13:21:04 -0400
+Subject: [PATCH] libnfsidmap: try to get the domain directly from hostname if
+ the DNS lookup fails and always show the log message if the domain can't be
+ determined
+
+In nfs4_init_name_mapping(), if no domain is specified in the config file, the hostname will be looked up in DNS, and the domain extracted from that.
+If DNS resolution isn't up at this time (i.e. on idmapd startup), the hardcoded domain in IDMAPD_DEFAULT_DOMAIN is used. This will break id mapping
+for anyone who doesn't happen to use "localdomain". Previously, the log message indicating this has happened requires -v to be passed, so the
+"failure" was silent by default.
+
+Signed-off-by: Aram Akhavan <github@aram.nubmail.ca>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/nfsidmap/libnfsidmap.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/support/nfsidmap/libnfsidmap.c b/support/nfsidmap/libnfsidmap.c
+index 0a912e52..f8c36480 100644
+--- a/support/nfsidmap/libnfsidmap.c
++++ b/support/nfsidmap/libnfsidmap.c
+@@ -219,10 +219,15 @@ static int domain_from_dns(char **domain)
+ 
+ 	if (gethostname(hname, sizeof(hname)) == -1)
+ 		return -1;
+-	if ((he = gethostbyname(hname)) == NULL)
+-		return -1;
+-	if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
+-		return -1;
++	if ((he = gethostbyname(hname)) == NULL) {
++		IDMAP_LOG(1, ("libnfsidmap: DNS lookup of hostname failed. Attempting to use domain from hostname as is."));
++		if ((c = strchr(hname, '.')) == NULL || *++c == '\0')
++			return -1;
++	}
++	else {
++		if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
++			return -1;
++	}
+ 	/* 
+ 	 * Query DNS to see if the _nfsv4idmapdomain TXT record exists
+ 	 * If so use it... 
+@@ -387,7 +392,7 @@ int nfs4_init_name_mapping(char *conffile)
+ 		dflt = 1;
+ 		ret = domain_from_dns(&default_domain);
+ 		if (ret) {
+-			IDMAP_LOG(1, ("libnfsidmap: Unable to determine "
++			IDMAP_LOG(0, ("libnfsidmap: Unable to determine "
+ 				  "the NFSv4 domain; Using '%s' as the NFSv4 domain "
+ 				  "which means UIDs will be mapped to the 'Nobody-User' "
+ 				  "user defined in %s", 
+-- 
+2.39.2 (Apple Git-143)
+

0017-Fixed-a-regression-in-the-junction-code.patch

@@ -0,0 +1,31 @@
+From 7916134e5d9b1641effd3b6d964c806a09cfdcee Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Thu, 10 Aug 2023 11:57:39 -0400
+Subject: [PATCH] Fixed a regression in the junction code
+
+commit cdbef4e9 created a regression in the
+in the junction code by adding a O_PATH flag
+to the open() in junction_open_path()
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2213669
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/junction/junction.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/support/junction/junction.c b/support/junction/junction.c
+index 0628bb0f..c1ec8ff8 100644
+--- a/support/junction/junction.c
++++ b/support/junction/junction.c
+@@ -63,7 +63,7 @@ junction_open_path(const char *pathname, int *fd)
+ 	if (pathname == NULL || fd == NULL)
+ 		return FEDFS_ERR_INVAL;
+ 
+-	tmp = open(pathname, O_PATH|O_DIRECTORY);
++	tmp = open(pathname, O_DIRECTORY);
+ 	if (tmp == -1) {
+ 		switch (errno) {
+ 		case EPERM:
+-- 
+2.39.2 (Apple Git-143)
+

0018-export-fix-handling-of-error-from-match_fsid.patch

@@ -0,0 +1,40 @@
+From 92a0f7d3cc7fc1206e0a763ab737f797b8946ca7 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Wed, 25 Oct 2023 12:34:45 -0400
+Subject: [PATCH] export: fix handling of error from match_fsid()
+
+If match_fsid() returns -1 we shouldn't assume that the path definitely
+doesn't match the fsid, though it might not.
+This is a similar situation to where an export is expected to be a mount
+point, but is found not to be one.  So it can be handled the same way,
+by setting 'dev_missing'.
+This will only have an effect if no other path matched the fsid, which
+is what we want.
+
+The current code results in nothing being exported if any export point,
+or any mount point beneath a crossmnt export point, fails a 'stat'
+request, which is too harsh.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/export/cache.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/support/export/cache.c b/support/export/cache.c
+index 19bbba5..e459502 100644
+--- a/support/export/cache.c
++++ b/support/export/cache.c
+@@ -858,7 +858,8 @@ static void nfsd_fh(int f)
+ 			case 0:
+ 				continue;
+ 			case -1:
+-				goto out;
++				dev_missing ++;
++				continue;
+ 			}
+ 			if (is_ipaddr_client(dom)
+ 					&& !ipaddr_client_matches(exp, ai))
+-- 
+1.8.3.1
+

0019-export-move-cache_open-before-workers-are-forked.patch

@@ -0,0 +1,76 @@
+From e115a6edfaa07203c6d6d40eba9e4f097efe0cf2 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Wed, 25 Oct 2023 12:40:24 -0400
+Subject: [PATCH] export: move cache_open() before workers are forked.
+
+If each worker has a separate open on a cache channel, then each worker
+will potentially receive every upcall request resulting in duplicated
+work.
+
+A worker will only not see a request that another worker sees if that
+other worker answers the request before this worker gets a chance to
+read it.
+
+To avoid duplicate effort between threads and so get maximum benefit
+from multiple threads, open the cache channels before forking.
+
+Note that the kernel provides locking so that only one thread can be
+reading to writing to any channel at any given moment.
+
+Fixes: 5fc3bac9e0c3 ("mountd: Ensure we don't share cache file descriptors among processes.")
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/exportd/exportd.c | 8 ++++++--
+ utils/mountd/mountd.c   | 8 ++++++--
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/utils/exportd/exportd.c b/utils/exportd/exportd.c
+index 2dd12cb..6f86644 100644
+--- a/utils/exportd/exportd.c
++++ b/utils/exportd/exportd.c
+@@ -289,12 +289,16 @@ main(int argc, char **argv)
+ 	else if (num_threads > MAX_THREADS)
+ 		num_threads = MAX_THREADS;
+ 
++	/* Open cache channel files BEFORE forking so each upcall is
++	 * only handled by one thread.  Kernel provides locking for both
++	 * read and write.
++	 */
++	cache_open();
++
+ 	if (num_threads > 1)
+ 		fork_workers();
+ 
+ 
+-	/* Open files now to avoid sharing descriptors among forked processes */
+-	cache_open();
+ 	v4clients_init();
+ 
+ 	/* Process incoming upcalls */
+diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
+index bcf749f..f9c62cd 100644
+--- a/utils/mountd/mountd.c
++++ b/utils/mountd/mountd.c
+@@ -916,12 +916,16 @@ main(int argc, char **argv)
+ 	else if (num_threads > MAX_THREADS)
+ 		num_threads = MAX_THREADS;
+ 
++	/* Open cache channel files BEFORE forking so each upcall is
++	 * only handled by one thread.  Kernel provides locking for both
++	 * read and write.
++	 */
++	cache_open();
++
+ 	if (num_threads > 1)
+ 		fork_workers();
+ 
+ 	nfsd_path_init();
+-	/* Open files now to avoid sharing descriptors among forked processes */
+-	cache_open();
+ 	v4clients_init();
+ 
+ 	xlog(L_NOTICE, "Version " VERSION " starting");
+-- 
+1.8.3.1
+

0020-gssd-fix-handling-DNS-lookup-failure.patch

@@ -0,0 +1,116 @@
+From 75b04a9bff709a49f55326b439851822dd630be6 Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Mon, 16 Oct 2023 11:45:54 -0400
+Subject: [PATCH] gssd: fix handling DNS lookup failure
+
+When the kernel does its first ever lookup for a given server ip it
+sends down info for server, protocol, etc. On the gssd side as it
+scans the pipefs structure and sees a new entry it reads that info
+and creates a clp_info structure. At that time it also does
+a DNS lookup of the provided ip to name using getnameinfo(),
+this is saved in clp->servername for all other upcalls that is
+down under that directory.
+
+If this 1st getnameinfo() results in a failed resolution for
+whatever reason (a temporary DNS resolution problem), this cause
+of all other future upcalls to fail.
+
+As a fix, this patch proposed to (1) save the server info that's
+passed only in the initial pipefs new entry creation in the
+clp_info structure, then (2) for the upcalls, if clp->servername
+is NULL, then do the DNS lookup again and set all the needed
+clp_info fields upon successful resolution.
+
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/gssd/gssd.c | 41 +++++++++++++++++++++++++++++++++++++++++
+ utils/gssd/gssd.h |  6 ++++++
+ 2 files changed, 47 insertions(+)
+
+diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
+index 833d8e0..ca9b326 100644
+--- a/utils/gssd/gssd.c
++++ b/utils/gssd/gssd.c
+@@ -365,6 +365,12 @@ gssd_read_service_info(int dirfd, struct clnt_info *clp)
+ 
+ fail:
+ 	printerr(0, "ERROR: failed to parse %s/info\n", clp->relpath);
++	clp->upcall_address = strdup(address);
++	clp->upcall_port = strdup(port);
++	clp->upcall_program = program;
++	clp->upcall_vers = version;
++	clp->upcall_protoname = strdup(protoname);
++	clp->upcall_service = strdup(service);
+ 	free(servername);
+ 	free(protoname);
+ 	clp->servicename = NULL;
+@@ -408,6 +414,16 @@ gssd_free_client(struct clnt_info *clp)
+ 	free(clp->servicename);
+ 	free(clp->servername);
+ 	free(clp->protocol);
++	if (!clp->servername) {
++		if (clp->upcall_address)
++			free(clp->upcall_address);
++		if (clp->upcall_port)
++			free(clp->upcall_port);
++		if (clp->upcall_protoname)
++			free(clp->upcall_protoname);
++		if (clp->upcall_service)
++			free(clp->upcall_service);
++	}
+ 	free(clp);
+ }
+ 
+@@ -446,6 +462,31 @@ gssd_clnt_gssd_cb(int UNUSED(fd), short UNUSED(which), void *data)
+ {
+ 	struct clnt_info *clp = data;
+ 
++	/* if there was a failure to translate IP to name for this server,
++	 * try again
++	 */
++	if (!clp->servername) {
++	        if (!gssd_addrstr_to_sockaddr((struct sockaddr *)&clp->addr,
++                                 clp->upcall_address, clp->upcall_port ?
++				 clp->upcall_port : "")) {
++			goto do_upcall;
++		}
++		clp->servername = gssd_get_servername(clp->upcall_address,
++				(struct sockaddr *)&clp->addr, clp->upcall_address);
++		if (!clp->servername)
++			goto do_upcall;
++
++		if (asprintf(&clp->servicename, "%s@%s", clp->upcall_service,
++					clp->servername) < 0) {
++			free(clp->servername);
++			clp->servername = NULL;
++			goto do_upcall;
++		}
++		clp->prog = clp->upcall_program;
++		clp->vers = clp->upcall_vers;
++		clp->protocol = strdup(clp->upcall_protoname);
++	}
++do_upcall:
+ 	handle_gssd_upcall(clp);
+ }
+ 
+diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
+index 519dc43..4e070ed 100644
+--- a/utils/gssd/gssd.h
++++ b/utils/gssd/gssd.h
+@@ -86,6 +86,12 @@ struct clnt_info {
+ 	int			gssd_fd;
+ 	struct event		*gssd_ev;
+ 	struct			sockaddr_storage addr;
++	char			*upcall_address;
++	char			*upcall_port;
++	int			upcall_program;
++	int			upcall_vers;
++	char			*upcall_protoname;
++	char			*upcall_service;
+ };
+ 
+ struct clnt_upcall_info {
+-- 
+1.8.3.1
+

nfs-utils.spec

@@ -4,7 +4,7 @@
 
 Name:    nfs-utils
 Version: 2.5.4
-Release: 10
+Release: 15
 Epoch:   2
 Summary: The Linux NFS userland utility package
 License: MIT and GPLv2 and GPLv2+ and BSD
@@ -20,6 +20,20 @@ Patch4:	 0004-fix-coredump-in-bl_add_disk.patch
 Patch5:  0005-Fix-format-overflow-warning.patch 
 Patch6:  0006-nfs-blkmaped-Fix-the-error-status-when-nfs_blkmapd-s.patch
 Patch7:  0007-nfs-blkmapd-PID-file-read-by-systemd-failed.patch
+Patch8:  0008-svcgssd-Fix-use-after-free-bug-config-variables.patch
+Patch9:  0009-rpc-pipefs-generator-allocate-enough-space-for-pipef.patch
+Patch10: 0010-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch
+Patch11: 0011-Covscan-Scan-Wrong-Check-of-Return-Value.patch
+Patch12: 0012-rpcdebug-avoid-buffer-underflow-if-read-returns-0.patch
+Patch13: 0013-export-Fix-rootdir-corner-case-in-next_mnt.patch
+Patch14: 0014-Move-version.h-into-a-common-include-directory.patch
+Patch15: 0015-mountd-only-do-NFSv4-logging-on-supported-kernels.patch
+Patch16: 0016-libnfsidmap-try-to-get-the-domain-directly-from-host.patch
+Patch17: 0017-Fixed-a-regression-in-the-junction-code.patch
+Patch18: 0018-export-fix-handling-of-error-from-match_fsid.patch
+Patch19: 0019-export-move-cache_open-before-workers-are-forked.patch
+Patch20: 0020-gssd-fix-handling-DNS-lookup-failure.patch
+
 BuildRequires: libevent-devel,libcap-devel, libtirpc-devel libblkid-devel
 BuildRequires: krb5-libs >= 1.4 autoconf >= 2.57 openldap-devel >= 2.2
 BuildRequires: automake, libtool, gcc, device-mapper-devel
@@ -287,6 +301,21 @@ fi
 %{_mandir}/*/*
 
 %changelog
+* Thu Dec 14 2023 wuguanghao <wuguanghao3@huawei.com> - 2:2.5.4-15
+- backport bugfix patches from community
+
+* Tue Sep 12 2023 wuguanghao <wuguanghao3@huawei.com> - 2:2.5.4-14
+- backport bugfix patches from community
+
+* Tue Aug 29 2023 Zhiqiang Liu <liuzhiqiang26@huawei.com> - 2:2.5.4-13
+- backport two bugfix patches
+
+* Sun Jun 25 2023 wuguanghao <wuguanghao3@huawei.com> - 2:2.5.4-12
+- backport patches from community
+
+* Thu Mar 23 2023 wuguanghao <wuguanghao3@huawei.com> - 2:2.5.4-11
+- backport patches from community
+
 * Fri Nov 25 2022 fushanqing <fushanqing@kylinos.cn> - 2:2.5.4-10
 - add subpackage libnfsidmap and nfs-utils-min