Re: [ 92/95] NFS: Fix Oopses in nfs_lookup_revalidate and nfs4_lookup_revalidate
On 09/10/2012 04:13 AM, Ben Hutchings wrote:
> 3.2-stable review patch. If anyone has any objections, please let me know.
>
> --
>
> From: Trond Myklebust
>
> Fix the following Oops in 3.5.1:
>
> BUG: unable to handle kernel NULL pointer dereference at 0038
> IP: [] nfs_lookup_revalidate+0x2d/0x480 [nfs]
> PGD 337c63067 PUD 0
> Oops: [#1] SMP
> CPU 5
> Modules linked in: nfs fscache nfsd lockd nfs_acl auth_rpcgss sunrpc
> af_packet binfmt_misc cpufreq_conservative cpufreq_userspace
> cpufreq_powersave dm_mod acpi_cpufreq mperf coretemp gpio_ich kvm_intel
> joydev kvm ioatdma hid_generic igb lpc_ich i7core_edac edac_core ptp
> serio_raw dca pcspkr i2c_i801 mfd_core sg pps_core usbhid crc32c_intel
> microcode button autofs4 uhci_hcd ttm drm_kms_helper drm i2c_algo_bit
> sysimgblt sysfillrect syscopyarea ehci_hcd usbcore usb_common scsi_dh_rdac
> scsi_dh_emc scsi_dh_hp_sw scsi_dh_alua scsi_dh edd fan ata_piix thermal
> processor thermal_sys
>
> Pid: 30431, comm: java Not tainted 3.5.1-2-default #1 Supermicro X8DTT/X8DTT
> RIP: 0010:[] []
> nfs_lookup_revalidate+0x2d/0x480 [nfs]
> RSP: 0018:8801b418bd38 EFLAGS: 00010292
> RAX: fff6 RBX: 88032016d800 RCX: 0020
> RDX: RSI: RDI: 8801824a7b00
> RBP: 8801b418bdf8 R08: 7f0034323030 R09: f04c03ed
> R10: 8801824a7b00 R11: 0002 R12: 8801824a7b00
> R13: 8801824a7b00 R14: R15: 8803201725d0
> FS: 2b53a46cb700() GS:88033fc2() knlGS:
> CS: 0010 DS: ES: CR0: 80050033
> CR2: 0038 CR3: 00020a426000 CR4: 07e0
> DR0: DR1: DR2:
> DR3: DR6: 0ff0 DR7: 0400
> Process java (pid: 30431, threadinfo 8801b418a000, task 8801b5d20600)
> Stack:
> 8801b418be44 88032016d800 8801b418bdf8
> 8801824a7b00 8801b418bdd7 8803201725d0 8116a9c0
> 8801b5c38dc0 0007 88032016d800
> Call Trace:
> [] lookup_dcache+0x80/0xe0
> [] __lookup_hash+0x23/0x90
> [] lookup_one_len+0xc5/0x100
> [] nfs_sillyrename+0xe3/0x210 [nfs]
> [] vfs_unlink.part.25+0x7f/0xe0
> [] do_unlinkat+0x1ac/0x1d0
> [] system_call_fastpath+0x16/0x1b
> [<2b5348b5f527>] 0x2b5348b5f526
> Code: ec 38 b8 f6 ff ff ff 4c 89 64 24 18 4c 89 74 24 28 49 89 fc 48 89 5c
> 24 08 48 89 6c 24 10 49 89 f6 4c 89 6c 24 20 4c 89 7c 24 30 46 38 40 0f
> 85 d1 00 00 00 e8 c4 c4 df e0 48 8b 58 30 49 89
> RIP [] nfs_lookup_revalidate+0x2d/0x480 [nfs]
> RSP
> CR2: 0038
> ---[ end trace 845113ed191985dd ]---
>
> This Oops affects 3.5 kernels and older, and is due to lookup_one_len()
> calling down to the dentry revalidation code with a NULL pointer
> to struct nameidata.

Hmm.. in this case which filesystem is calling nfs_lookup_revalidate() with NULL nd? A similar patch has already been NACKed by Trond as it could break NFS exclusive creates. The discussion thread can be found here http://www.spinics.net/lists/linux-nfs/msg20932.html

Thanks
Suresh
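The fault address in the Oops quoted in this thread can be tied to the NULL `nd` with a small userspace model; this is an added example, not part of the thread or the kernel source. It assumes x86-64 (LP64) and a simplified copy of the 3.x-era `struct nameidata` head and `LOOKUP_RCU` value, neither of which appears on the page.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: simplified model of the 3.x-era structures (x86-64, LP64).
 * Only the members that precede `flags` matter for the offset. */
struct path { void *mnt; void *dentry; };
struct qstr { unsigned int hash; unsigned int len; const unsigned char *name; };
struct nameidata {
	struct path path;
	struct qstr last;
	struct path root;
	void *inode;
	unsigned int flags;
};

#define LOOKUP_RCU 0x0040 /* assumption: value from that era's namei.h */

/* Address the unguarded `nd->flags` load touches for a given nd.
 * Computed arithmetically, so nothing is dereferenced here. */
static uintptr_t flags_load_addr(const struct nameidata *nd)
{
	return (uintptr_t)nd + offsetof(struct nameidata, flags);
}

/* The guard as written in the patch: a NULL nd is not an RCU walk,
 * so the caller falls through to the normal revalidation path. */
static int revalidate_guard_patched(const struct nameidata *nd)
{
	if (nd && (nd->flags & LOOKUP_RCU))
		return -ECHILD;
	return 0;
}

int main(void)
{
	struct nameidata rcu = { .flags = LOOKUP_RCU };

	/* With nd == NULL the old check reads address 0x38, matching CR2. */
	printf("nd == NULL -> load at 0x%04lx\n",
	       (unsigned long)flags_load_addr(NULL));
	printf("patched guard, nd == NULL: %d\n", revalidate_guard_patched(NULL));
	printf("patched guard, RCU walk:   %d\n", revalidate_guard_patched(&rcu));
	return 0;
}
```

A fault address that is a small constant, as in `CR2: 0038` here, is the usual signature of a member access through a NULL structure pointer; matching it against `offsetof` identifies which pointer and which member.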
[ 92/95] NFS: Fix Oopses in nfs_lookup_revalidate and nfs4_lookup_revalidate
3.2-stable review patch. If anyone has any objections, please let me know.

--

From: Trond Myklebust

Fix the following Oops in 3.5.1:

BUG: unable to handle kernel NULL pointer dereference at 0038
IP: [] nfs_lookup_revalidate+0x2d/0x480 [nfs]
PGD 337c63067 PUD 0
Oops: [#1] SMP
CPU 5
Modules linked in: nfs fscache nfsd lockd nfs_acl auth_rpcgss sunrpc
af_packet binfmt_misc cpufreq_conservative cpufreq_userspace
cpufreq_powersave dm_mod acpi_cpufreq mperf coretemp gpio_ich kvm_intel
joydev kvm ioatdma hid_generic igb lpc_ich i7core_edac edac_core ptp
serio_raw dca pcspkr i2c_i801 mfd_core sg pps_core usbhid crc32c_intel
microcode button autofs4 uhci_hcd ttm drm_kms_helper drm i2c_algo_bit
sysimgblt sysfillrect syscopyarea ehci_hcd usbcore usb_common scsi_dh_rdac
scsi_dh_emc scsi_dh_hp_sw scsi_dh_alua scsi_dh edd fan ata_piix thermal
processor thermal_sys

Pid: 30431, comm: java Not tainted 3.5.1-2-default #1 Supermicro X8DTT/X8DTT
RIP: 0010:[] [] nfs_lookup_revalidate+0x2d/0x480 [nfs]
RSP: 0018:8801b418bd38 EFLAGS: 00010292
RAX: fff6 RBX: 88032016d800 RCX: 0020
RDX: RSI: RDI: 8801824a7b00
RBP: 8801b418bdf8 R08: 7f0034323030 R09: f04c03ed
R10: 8801824a7b00 R11: 0002 R12: 8801824a7b00
R13: 8801824a7b00 R14: R15: 8803201725d0
FS: 2b53a46cb700() GS:88033fc2() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 0038 CR3: 00020a426000 CR4: 07e0
DR0: DR1: DR2:
DR3: DR6: 0ff0 DR7: 0400
Process java (pid: 30431, threadinfo 8801b418a000, task 8801b5d20600)
Stack:
8801b418be44 88032016d800 8801b418bdf8
8801824a7b00 8801b418bdd7 8803201725d0 8116a9c0
8801b5c38dc0 0007 88032016d800
Call Trace:
[] lookup_dcache+0x80/0xe0
[] __lookup_hash+0x23/0x90
[] lookup_one_len+0xc5/0x100
[] nfs_sillyrename+0xe3/0x210 [nfs]
[] vfs_unlink.part.25+0x7f/0xe0
[] do_unlinkat+0x1ac/0x1d0
[] system_call_fastpath+0x16/0x1b
[<2b5348b5f527>] 0x2b5348b5f526
Code: ec 38 b8 f6 ff ff ff 4c 89 64 24 18 4c 89 74 24 28 49 89 fc 48 89 5c
24 08 48 89 6c 24 10 49 89 f6 4c 89 6c 24 20 4c 89 7c 24 30 46 38 40 0f
85 d1 00 00 00 e8 c4 c4 df e0 48 8b 58 30 49 89
RIP [] nfs_lookup_revalidate+0x2d/0x480 [nfs]
RSP
CR2: 0038
---[ end trace 845113ed191985dd ]---

This Oops affects 3.5 kernels and older, and is due to lookup_one_len()
calling down to the dentry revalidation code with a NULL pointer
to struct nameidata. It is fixed upstream by commit 0b728e1911c
(stop passing nameidata * to ->d_revalidate())

Reported-by: Richard Ems
Signed-off-by: Trond Myklebust
Signed-off-by: Ben Hutchings
--- fs/nfs/dir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -1103,7 +1103,7 @@ static int nfs_lookup_revalidate(struct struct nfs_fattr *fattr = NULL; int error; - if (nd->flags & LOOKUP_RCU) + if (nd && (nd->flags & LOOKUP_RCU)) return -ECHILD; parent = dget_parent(dentry); @@ -1508,7 +1508,7 @@ static int nfs_open_revalidate(struct de struct nfs_open_context *ctx; int openflags, ret = 0; - if (nd->flags & LOOKUP_RCU) + if (nd && (nd->flags & LOOKUP_RCU)) return -ECHILD; inode = dentry->d_inode;
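Review bot: In the first hunk (nfs_lookup_revalidate, @@ -1103), the new `nd &&` test only protects the LOOKUP_RCU check itself; the lines after `parent = dget_parent(dentry);` are not visible here, so it is worth confirming that nothing later in the function dereferences nd without the same guard. Since the changelog says the NULL comes from lookup_one_len(), a one-line comment above the check saying that nd may be NULL on that path would stop a later cleanup from dropping the guard as redundant.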
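Review bot: The second hunk (@@ -1508) changes nfs_open_revalidate, while the subject line names nfs4_lookup_revalidate; the changelog should say which function this backport touches so the two can be matched up. With nd == NULL the function now continues to `inode = dentry->d_inode;` instead of faulting, and the changelog does not say how the open path is meant to behave without a nameidata, which is the case the reply in this thread raises about exclusive creates; a sentence covering that would help.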