Bug#689274: (almost 100% reproducible) kernel bug when trying to mount nfs filesystem

2012-10-01 Thread Jonathan Nieder
tags 689274 = upstream fixed-upstream
quit

Hi Rogério,

Rogério Brito wrote:

 I have been semi-consistently (the almost 100% reproducible) getting a
 kernel Oops whenever I try to mount a NFS filesystem from another computer
 (an ARM, 32-bit NAS, running pure Debian armel unstable) from my network.

 This has only happened with kernel 3.5, but not with previous kernels.
[...]
 [ 9608.475559] kernel BUG at 
 /build/buildd-linux_3.5.2-1~experimental.1-amd64-bLqIZ_/linux-3.5.2/fs/nfs/idmap.c:684!

This is the BUG_ON(idmap->idmap_key_cons != NULL);
discussed at http://thread.gmane.org/gmane.linux.nfs/51316/focus=1365689
The assertion was introduced in v3.5.1~32, so wheezy is not affected.

Could you try the attached patch, for example using instructions
from [1]?

Thanks for a pleasant report,
Jonathan

[1] http://kernel-handbook.alioth.debian.org/ch-common-tasks.html#s4.2.2





Bug#689274: (almost 100% reproducible) kernel bug when trying to mount nfs filesystem

2012-10-01 Thread Jonathan Nieder
Jonathan Nieder wrote:

 This is the BUG_ON(idmap->idmap_key_cons != NULL);
 discussed at http://thread.gmane.org/gmane.linux.nfs/51316/focus=1365689
 The assertion was introduced in v3.5.1~32, so wheezy is not affected.

 Could you try the attached patch, for example using instructions
 from [1]?

Attached.
From: Bryan Schumaker bjsch...@netapp.com
Date: Thu, 9 Aug 2012 14:05:49 -0400
Subject: NFS: Clear key construction data if the idmap upcall fails

commit c5066945b7ea346a11424dbeb7830b7d7d00c206 upstream.

idmap_pipe_downcall already clears this field if the upcall succeeds,
but if it fails (rpc.idmapd isn't running) the field will still be set
on the next call triggering a BUG_ON().  This patch tries to handle all
possible ways that the upcall could fail and clear the idmap key data
for each one.

Signed-off-by: Bryan Schumaker bjsch...@netapp.com
Tested-by: William Dauchy wdau...@gmail.com
Signed-off-by: Trond Myklebust trond.mykleb...@netapp.com
Signed-off-by: Greg Kroah-Hartman gre...@linuxfoundation.org
---
 fs/nfs/idmap.c |   56 ++--
 1 file changed, 42 insertions(+), 14 deletions(-)

diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c
index 1b5058b4043b..bf184841f595 100644
--- a/fs/nfs/idmap.c
+++ b/fs/nfs/idmap.c
@@ -63,6 +63,12 @@ struct idmap {
struct mutexidmap_mutex;
 };
 
+struct idmap_legacy_upcalldata {
+   struct rpc_pipe_msg pipe_msg;
+   struct idmap_msg idmap_msg;
+   struct idmap *idmap;
+};
+
 /**
  * nfs_fattr_init_names - initialise the nfs_fattr owner_name/group_name fields
  * @fattr: fully initialised struct nfs_fattr
@@ -326,6 +332,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t 
namelen,
ret = nfs_idmap_request_key(key_type_id_resolver_legacy,
name, namelen, type, data,
data_size, idmap);
+   idmap-idmap_key_cons = NULL;
mutex_unlock(idmap-idmap_mutex);
}
return ret;
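Review bot: The added `idmap->idmap_key_cons = NULL;` in nfs_idmap_get_key carries no comment saying why the field is reset unconditionally, even after a successful upcall where the commit message says idmap_pipe_downcall already clears it. I would put `/* Drop construction data a failed legacy upcall may have left behind; must be done while idmap_mutex is held. */` above it. As far as this hunk shows, the only thing keeping the store from racing with another key construction is that it sits before `mutex_unlock(&idmap->idmap_mutex)`. Whether a message still queued on the pipe can outlive this point is decided by code outside the hunk and is worth confirming. The function starts outside the hunk.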
@@ -383,11 +390,13 @@ static const match_table_t nfs_idmap_tokens = {
 static int nfs_idmap_legacy_upcall(struct key_construction *, const char *, 
void *);
 static ssize_t idmap_pipe_downcall(struct file *, const char __user *,
   size_t);
+static void idmap_release_pipe(struct inode *);
 static void idmap_pipe_destroy_msg(struct rpc_pipe_msg *);
 
 static const struct rpc_pipe_ops idmap_upcall_ops = {
.upcall = rpc_pipe_generic_upcall,
.downcall   = idmap_pipe_downcall,
+   .release_pipe   = idmap_release_pipe,
.destroy_msg= idmap_pipe_destroy_msg,
 };
 
@@ -619,7 +628,8 @@ void nfs_idmap_quit(void)
nfs_idmap_quit_keyring();
 }
 
-static int nfs_idmap_prepare_message(char *desc, struct idmap_msg *im,
+static int nfs_idmap_prepare_message(char *desc, struct idmap *idmap,
+struct idmap_msg *im,
 struct rpc_pipe_msg *msg)
 {
substring_t substr;
@@ -662,6 +672,7 @@ static int nfs_idmap_legacy_upcall(struct key_construction 
*cons,
   const char *op,
   void *aux)
 {
+   struct idmap_legacy_upcalldata *data;
struct rpc_pipe_msg *msg;
struct idmap_msg *im;
struct idmap *idmap = (struct idmap *)aux;
@@ -669,15 +680,15 @@ static int nfs_idmap_legacy_upcall(struct 
key_construction *cons,
int ret = -ENOMEM;
 
/* msg and im are freed in idmap_pipe_destroy_msg */
-   msg = kmalloc(sizeof(*msg), GFP_KERNEL);
-   if (!msg)
-   goto out0;
-
-   im = kmalloc(sizeof(*im), GFP_KERNEL);
-   if (!im)
+   data = kmalloc(sizeof(*data), GFP_KERNEL);
+   if (!data)
goto out1;
 
-   ret = nfs_idmap_prepare_message(key-description, im, msg);
+   msg = data-pipe_msg;
+   im = data-idmap_msg;
+   data-idmap = idmap;
+
+   ret = nfs_idmap_prepare_message(key-description, idmap, im, msg);
if (ret  0)
goto out2;
 
@@ -686,15 +697,15 @@ static int nfs_idmap_legacy_upcall(struct 
key_construction *cons,
 
ret = rpc_queue_upcall(idmap-idmap_pipe, msg);
if (ret  0)
-   goto out2;
+   goto out3;
 
return ret;
 
+out3:
+   idmap-idmap_key_cons = NULL;
 out2:
-   kfree(im);
+   kfree(data);
 out1:
-   kfree(msg);
-out0:
complete_request_key(cons, ret);
return ret;
 }
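Review bot: The reset of `idmap->idmap_key_cons` on this error path covers only the rpc_queue_upcall failure under `out3`, while the assertion the report hits (fs/nfs/idmap.c:684 in 3.5.2) appears to sit just above this hunk and stays a BUG_ON. Any failure path the patch misses would therefore still oops the kernel on a mount attempt, and the commit message itself only claims to try to cover them all. State that depends on whether a userspace daemon answered is better handled as a recoverable error, for example `if (WARN_ON_ONCE(idmap->idmap_key_cons != NULL)) { ret = -EBUSY; goto out2; }`, with the exact errno and recovery left to the maintainers. Separately, `out2` skips the reset, which is correct only if the field is assigned after nfs_idmap_prepare_message returns; that assignment is outside the hunk, so a one-line comment on the labels would record the ordering.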
@@ -778,9 +789,26 @@ out_incomplete:
 static void
 idmap_pipe_destroy_msg(struct rpc_pipe_msg *msg)
 {
+   struct idmap_legacy_upcalldata *data = container_of(msg,
+   struct idmap_legacy_upcalldata,
+   pipe_msg);
+   struct idmap *idmap = data-idmap;
+   struct key_construction *cons;
+   if (msg-errno) {
+   cons =