Jonathan Nieder wrote:
This is the BUG_ON(idmap-idmap_key_cons != NULL);
discussed at http://thread.gmane.org/gmane.linux.nfs/51316/focus=1365689
The assertion was introduced in v3.5.1~32, so wheezy is not affected.
Could you try the attached patch, for example using instructions
from [1]?
Attached.
From: Bryan Schumaker bjsch...@netapp.com
Date: Thu, 9 Aug 2012 14:05:49 -0400
Subject: NFS: Clear key construction data if the idmap upcall fails
commit c5066945b7ea346a11424dbeb7830b7d7d00c206 upstream.
idmap_pipe_downcall already clears this field if the upcall succeeds,
but if it fails (rpc.idmapd isn't running) the field will still be set
on the next call triggering a BUG_ON(). This patch tries to handle all
possible ways that the upcall could fail and clear the idmap key data
for each one.
Signed-off-by: Bryan Schumaker bjsch...@netapp.com
Tested-by: William Dauchy wdau...@gmail.com
Signed-off-by: Trond Myklebust trond.mykleb...@netapp.com
Signed-off-by: Greg Kroah-Hartman gre...@linuxfoundation.org
---
fs/nfs/idmap.c | 56 ++--
1 file changed, 42 insertions(+), 14 deletions(-)
diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c
index 1b5058b4043b..bf184841f595 100644
--- a/fs/nfs/idmap.c
+++ b/fs/nfs/idmap.c
@@ -63,6 +63,12 @@ struct idmap {
struct mutexidmap_mutex;
};
+struct idmap_legacy_upcalldata {
+ struct rpc_pipe_msg pipe_msg;
+ struct idmap_msg idmap_msg;
+ struct idmap *idmap;
+};
+
/**
* nfs_fattr_init_names - initialise the nfs_fattr owner_name/group_name fields
* @fattr: fully initialised struct nfs_fattr
@@ -326,6 +332,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t
namelen,
ret = nfs_idmap_request_key(key_type_id_resolver_legacy,
name, namelen, type, data,
data_size, idmap);
+ idmap-idmap_key_cons = NULL;
mutex_unlock(idmap-idmap_mutex);
}
return ret;
@@ -383,11 +390,13 @@ static const match_table_t nfs_idmap_tokens = {
static int nfs_idmap_legacy_upcall(struct key_construction *, const char *,
void *);
static ssize_t idmap_pipe_downcall(struct file *, const char __user *,
size_t);
+static void idmap_release_pipe(struct inode *);
static void idmap_pipe_destroy_msg(struct rpc_pipe_msg *);
static const struct rpc_pipe_ops idmap_upcall_ops = {
.upcall = rpc_pipe_generic_upcall,
.downcall = idmap_pipe_downcall,
+ .release_pipe = idmap_release_pipe,
.destroy_msg= idmap_pipe_destroy_msg,
};
@@ -619,7 +628,8 @@ void nfs_idmap_quit(void)
nfs_idmap_quit_keyring();
}
-static int nfs_idmap_prepare_message(char *desc, struct idmap_msg *im,
+static int nfs_idmap_prepare_message(char *desc, struct idmap *idmap,
+struct idmap_msg *im,
struct rpc_pipe_msg *msg)
{
substring_t substr;
@@ -662,6 +672,7 @@ static int nfs_idmap_legacy_upcall(struct key_construction
*cons,
const char *op,
void *aux)
{
+ struct idmap_legacy_upcalldata *data;
struct rpc_pipe_msg *msg;
struct idmap_msg *im;
struct idmap *idmap = (struct idmap *)aux;
@@ -669,15 +680,15 @@ static int nfs_idmap_legacy_upcall(struct
key_construction *cons,
int ret = -ENOMEM;
/* msg and im are freed in idmap_pipe_destroy_msg */
- msg = kmalloc(sizeof(*msg), GFP_KERNEL);
- if (!msg)
- goto out0;
-
- im = kmalloc(sizeof(*im), GFP_KERNEL);
- if (!im)
+ data = kmalloc(sizeof(*data), GFP_KERNEL);
+ if (!data)
goto out1;
- ret = nfs_idmap_prepare_message(key-description, im, msg);
+ msg = data-pipe_msg;
+ im = data-idmap_msg;
+ data-idmap = idmap;
+
+ ret = nfs_idmap_prepare_message(key-description, idmap, im, msg);
if (ret 0)
goto out2;
@@ -686,15 +697,15 @@ static int nfs_idmap_legacy_upcall(struct
key_construction *cons,
ret = rpc_queue_upcall(idmap-idmap_pipe, msg);
if (ret 0)
- goto out2;
+ goto out3;
return ret;
+out3:
+ idmap-idmap_key_cons = NULL;
out2:
- kfree(im);
+ kfree(data);
out1:
- kfree(msg);
-out0:
complete_request_key(cons, ret);
return ret;
}
@@ -778,9 +789,26 @@ out_incomplete:
static void
idmap_pipe_destroy_msg(struct rpc_pipe_msg *msg)
{
+ struct idmap_legacy_upcalldata *data = container_of(msg,
+ struct idmap_legacy_upcalldata,
+ pipe_msg);
+ struct idmap *idmap = data-idmap;
+ struct key_construction *cons;
+ if (msg-errno) {
+ cons =