Re: [PATCH] nfsd4: Fix NULL dereference in legacy_recdir_name_error()
At Mon, 15 Apr 2013 09:06:14 -0400,
J. Bruce Fields wrote:
>
> On Mon, Apr 15, 2013 at 02:31:55PM +0200, Takashi Iwai wrote:
> > At Wed, 3 Apr 2013 14:24:10 -0400,
> > J. Bruce Fields wrote:
> > >
> > > On Wed, Apr 03, 2013 at 06:27:26PM +0200, Takashi Iwai wrote:
> > > > The recent rewrite of NFSv4 recovery client tracking options per net
> > > > (commit 9a9c6478) introduced Oops when it faces an error for recdir
> > > > generation.
> > >
> > > Thanks. Looks like that could hit a lot of people actually, so I'll
> > > pass that along for 3.9 soon.--b.
> >
> > Any chance for this to be merged in 3.9-final in time?
>
> Apologies, I changed my mind: since the bug was already in 3.8, I
> decided maybe I was overestimating the scope of the problem. And we're
> very close to 3.9 now--so I'd rather wait till the merge window. Then
> it should be backported to 3.9.x fairly quickly.

OK, fair enough.


thanks,

Takashi

>
> --b.
>
> >
> >
> > thanks,
> >
> > Takashi
> >
> > > >
> > > > NFSD: unable to generate recoverydir name (-2).
> > > > NFSD: disabling legacy clientid tracking. Reboot recovery will not
> > > > function correctly!
> > > > BUG: unable to handle kernel NULL pointer dereference at
> > > > 07a8
> > > > IP: [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
> > > > PGD 0
> > > > Oops: [#1] PREEMPT SMP
> > > > Modules linked in: nfsd fuse nfsv3 nfs_acl nfsv4 auth_rpcgss nfs
> > > > lockd sunrpc cpufreq_conservative cpufreq_userspace cpufreq_powersave
> > > > snd_hda_codec_hdmi snd_hda_codec_realtek intel_powerclamp acpi_cpufreq
> > > > mperf coretemp ghash_clmulni_intel aesni_intel kvm_intel snd_hda_intel
> > > > ablk_helper snd_hda_codec snd_hwdep kvm snd_pcm cryptd lrw aes_x86_64
> > > > snd_timer xts gf128mul e1000e snd sr_mod iTCO_wdt microcode cdrom
> > > > usb_storage dcdbas iTCO_vendor_support i2c_i801 cdc_acm sg ptp lpc_ich
> > > > mei soundcore pps_core mfd_core snd_page_alloc pciehp pci_hotplug
> > > > autofs4 btrfs raid6_pq zlib_deflate xor libcrc32c i915 crc32c_intel
> > > > drm_kms_helper drm xhci_hcd i2c_algo_bit thermal button video processor
> > > > thermal_sys scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh
> > > > CPU 1
> > > > Pid: 19567, comm: nfsd Not tainted 3.9.0-rc5-test+ #3 Dell Inc.
> > > > OptiPlex 9010/0M9KCM
> > > > RIP: 0010:[] []
> > > > nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
> > > > RSP: 0018:880181099c28 EFLAGS: 00010202
> > > > RAX: 8801810900c0 RBX: 0004 RCX: 0006
> > > > RDX: 0007 RSI: 0046 RDI:
> > > > RBP: 880181099c38 R08: 000a R09: 039f
> > > > R10: R11: 039e R12:
> > > > R13: 81a87280 R14: 88014c819220 R15: 88020b75d200
> > > > FS: () GS:88021e24()
> > > > knlGS:
> > > > CS: 0010 DS: ES: CR0: 80050033
> > > > CR2: 07a8 CR3: 01a0d000 CR4: 001407e0
> > > > DR0: DR1: DR2:
> > > > DR3: DR6: 0ff0 DR7: 0400
> > > > Process nfsd (pid: 19567, threadinfo 880181098000, task
> > > > 8801810900c0)
> > > > Stack:
> > > > fffe 88020b75d200 880181099c58 a060c75c
> > > > 81a87280 880002ba7000 880181099cc8 a060cb37
> > > > 880181099d20 88014c819220 0001 88020b75d200
> > > > Call Trace:
> > > > [] legacy_recdir_name_error+0x3c/0x40 [nfsd]
> > > > [] nfsd4_create_clid_dir+0xe7/0x200 [nfsd]
> > > > [] ? nfs4_preprocess_seqid_op+0x63/0x160 [nfsd]
> > > > [] nfsd4_client_record_create+0x5f/0x80 [nfsd]
> > > > [] nfsd4_open_confirm+0x12f/0x1b0 [nfsd]
> > > > [] nfsd4_proc_compound+0x55f/0x770 [nfsd]
> > > > [] nfsd_dispatch+0xdd/0x220 [nfsd]
> > > > [] svc_process_common+0x328/0x6d0 [sunrpc]
> > > > [] svc_process+0x10c/0x160 [sunrpc]
> > > > [] nfsd+0xbf/0x130 [nfsd]
> > > > [] ? nfsd_destroy+0x90/0x90 [nfsd]
> > > > [] kthread+0xbb/0xc0
> > > > [] ? kthread_create_on_node+0x130/0x130
> > > > [] ret_from_fork+0x7c/0xb0
> > > > [] ? kthread_create_on_node+0x130/0x130
> > > > Code: e0 49 8b 84 24 48 01 00 00 e9 25 ff ff ff 66 0f 1f 44 00 00 55
> > > > 48 89 e5 41 54 49 89 fc 53 8b 1d 44 b4 00 00 e8 bb a9 a5 e0 85 db <49>
> > > > 8b 84 24 a8 07 00 00 74 43 3b 18 77 3f 83 eb 01 48 63 db 48
> > > > RIP [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
> > > > RSP
> > > > CR2: 07a8
> > > > ---[ end trace 5dd4307598e98cef ]---
> > > >
> > > > This patch fixes it by passing the proper net instance instead of
> > > > NULL.
> > > >
> > > > Signed-off-by: Takashi Iwai
> > > > Cc: [v3.8+]
> > > > ---
> > > > fs/nfsd/nfs4recover.c | 11 +--
> > > > 1 file changed, 5
Re: [PATCH] nfsd4: Fix NULL dereference in legacy_recdir_name_error()
On Mon, Apr 15, 2013 at 02:31:55PM +0200, Takashi Iwai wrote:
> At Wed, 3 Apr 2013 14:24:10 -0400,
> J. Bruce Fields wrote:
> >
> > On Wed, Apr 03, 2013 at 06:27:26PM +0200, Takashi Iwai wrote:
> > > The recent rewrite of NFSv4 recovery client tracking options per net
> > > (commit 9a9c6478) introduced Oops when it faces an error for recdir
> > > generation.
> >
> > Thanks. Looks like that could hit a lot of people actually, so I'll
> > pass that along for 3.9 soon.--b.
>
> Any chance for this to be merged in 3.9-final in time?

Apologies, I changed my mind: since the bug was already in 3.8, I
decided maybe I was overestimating the scope of the problem. And we're
very close to 3.9 now--so I'd rather wait till the merge window. Then
it should be backported to 3.9.x fairly quickly.

--b.

>
>
> thanks,
>
> Takashi
>
> > >
> > > NFSD: unable to generate recoverydir name (-2).
> > > NFSD: disabling legacy clientid tracking. Reboot recovery will not
> > > function correctly!
> > > BUG: unable to handle kernel NULL pointer dereference at
> > > 07a8
> > > IP: [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
> > > PGD 0
> > > Oops: [#1] PREEMPT SMP
> > > Modules linked in: nfsd fuse nfsv3 nfs_acl nfsv4 auth_rpcgss nfs lockd
> > > sunrpc cpufreq_conservative cpufreq_userspace cpufreq_powersave
> > > snd_hda_codec_hdmi snd_hda_codec_realtek intel_powerclamp acpi_cpufreq
> > > mperf coretemp ghash_clmulni_intel aesni_intel kvm_intel snd_hda_intel
> > > ablk_helper snd_hda_codec snd_hwdep kvm snd_pcm cryptd lrw aes_x86_64
> > > snd_timer xts gf128mul e1000e snd sr_mod iTCO_wdt microcode cdrom
> > > usb_storage dcdbas iTCO_vendor_support i2c_i801 cdc_acm sg ptp lpc_ich
> > > mei soundcore pps_core mfd_core snd_page_alloc pciehp pci_hotplug autofs4
> > > btrfs raid6_pq zlib_deflate xor libcrc32c i915 crc32c_intel
> > > drm_kms_helper drm xhci_hcd i2c_algo_bit thermal button video processor
> > > thermal_sys scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh
> > > CPU 1
> > > Pid: 19567, comm: nfsd Not tainted 3.9.0-rc5-test+ #3 Dell Inc.
> > > OptiPlex 9010/0M9KCM
> > > RIP: 0010:[] []
> > > nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
> > > RSP: 0018:880181099c28 EFLAGS: 00010202
> > > RAX: 8801810900c0 RBX: 0004 RCX: 0006
> > > RDX: 0007 RSI: 0046 RDI:
> > > RBP: 880181099c38 R08: 000a R09: 039f
> > > R10: R11: 039e R12:
> > > R13: 81a87280 R14: 88014c819220 R15: 88020b75d200
> > > FS: () GS:88021e24()
> > > knlGS:
> > > CS: 0010 DS: ES: CR0: 80050033
> > > CR2: 07a8 CR3: 01a0d000 CR4: 001407e0
> > > DR0: DR1: DR2:
> > > DR3: DR6: 0ff0 DR7: 0400
> > > Process nfsd (pid: 19567, threadinfo 880181098000, task
> > > 8801810900c0)
> > > Stack:
> > > fffe 88020b75d200 880181099c58 a060c75c
> > > 81a87280 880002ba7000 880181099cc8 a060cb37
> > > 880181099d20 88014c819220 0001 88020b75d200
> > > Call Trace:
> > > [] legacy_recdir_name_error+0x3c/0x40 [nfsd]
> > > [] nfsd4_create_clid_dir+0xe7/0x200 [nfsd]
> > > [] ? nfs4_preprocess_seqid_op+0x63/0x160 [nfsd]
> > > [] nfsd4_client_record_create+0x5f/0x80 [nfsd]
> > > [] nfsd4_open_confirm+0x12f/0x1b0 [nfsd]
> > > [] nfsd4_proc_compound+0x55f/0x770 [nfsd]
> > > [] nfsd_dispatch+0xdd/0x220 [nfsd]
> > > [] svc_process_common+0x328/0x6d0 [sunrpc]
> > > [] svc_process+0x10c/0x160 [sunrpc]
> > > [] nfsd+0xbf/0x130 [nfsd]
> > > [] ? nfsd_destroy+0x90/0x90 [nfsd]
> > > [] kthread+0xbb/0xc0
> > > [] ? kthread_create_on_node+0x130/0x130
> > > [] ret_from_fork+0x7c/0xb0
> > > [] ? kthread_create_on_node+0x130/0x130
> > > Code: e0 49 8b 84 24 48 01 00 00 e9 25 ff ff ff 66 0f 1f 44 00 00 55 48
> > > 89 e5 41 54 49 89 fc 53 8b 1d 44 b4 00 00 e8 bb a9 a5 e0 85 db <49> 8b 84
> > > 24 a8 07 00 00 74 43 3b 18 77 3f 83 eb 01 48 63 db 48
> > > RIP [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
> > > RSP
> > > CR2: 07a8
> > > ---[ end trace 5dd4307598e98cef ]---
> > >
> > > This patch fixes it by passing the proper net instance instead of
> > > NULL.
> > > > > > Signed-off-by: Takashi Iwai > > > Cc: [v3.8+] > > > --- > > > fs/nfsd/nfs4recover.c | 11 +-- > > > 1 file changed, 5 insertions(+), 6 deletions(-) > > > > > > diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c > > > index 899ca26..ae0d5c9 100644 > > > --- a/fs/nfsd/nfs4recover.c > > > +++ b/fs/nfsd/nfs4recover.c > > > @@ -146,7 +146,7 @@ out_no_tfm: > > > * then disable recovery tracking. > > > */ > > >
Re: [PATCH] nfsd4: Fix NULL dereference in legacy_recdir_name_error()
At Wed, 3 Apr 2013 14:24:10 -0400,
J. Bruce Fields wrote:
>
> On Wed, Apr 03, 2013 at 06:27:26PM +0200, Takashi Iwai wrote:
> > The recent rewrite of NFSv4 recovery client tracking options per net
> > (commit 9a9c6478) introduced Oops when it faces an error for recdir
> > generation.
>
> Thanks. Looks like that could hit a lot of people actually, so I'll
> pass that along for 3.9 soon.--b.

Any chance for this to be merged in 3.9-final in time?


thanks,

Takashi

> >
> > NFSD: unable to generate recoverydir name (-2).
> > NFSD: disabling legacy clientid tracking. Reboot recovery will not
> > function correctly!
> > BUG: unable to handle kernel NULL pointer dereference at 07a8
> > IP: [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
> > PGD 0
> > Oops: [#1] PREEMPT SMP
> > Modules linked in: nfsd fuse nfsv3 nfs_acl nfsv4 auth_rpcgss nfs lockd
> > sunrpc cpufreq_conservative cpufreq_userspace cpufreq_powersave
> > snd_hda_codec_hdmi snd_hda_codec_realtek intel_powerclamp acpi_cpufreq
> > mperf coretemp ghash_clmulni_intel aesni_intel kvm_intel snd_hda_intel
> > ablk_helper snd_hda_codec snd_hwdep kvm snd_pcm cryptd lrw aes_x86_64
> > snd_timer xts gf128mul e1000e snd sr_mod iTCO_wdt microcode cdrom
> > usb_storage dcdbas iTCO_vendor_support i2c_i801 cdc_acm sg ptp lpc_ich mei
> > soundcore pps_core mfd_core snd_page_alloc pciehp pci_hotplug autofs4 btrfs
> > raid6_pq zlib_deflate xor libcrc32c i915 crc32c_intel drm_kms_helper drm
> > xhci_hcd i2c_algo_bit thermal button video processor thermal_sys
> > scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh
> > CPU 1
> > Pid: 19567, comm: nfsd Not tainted 3.9.0-rc5-test+ #3 Dell Inc. OptiPlex
> > 9010/0M9KCM
> > RIP: 0010:[] []
> > nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
> > RSP: 0018:880181099c28 EFLAGS: 00010202
> > RAX: 8801810900c0 RBX: 0004 RCX: 0006
> > RDX: 0007 RSI: 0046 RDI:
> > RBP: 880181099c38 R08: 000a R09: 039f
> > R10: R11: 039e R12:
> > R13: 81a87280 R14: 88014c819220 R15: 88020b75d200
> > FS: () GS:88021e24()
> > knlGS:
> > CS: 0010 DS: ES: CR0: 80050033
> > CR2: 07a8 CR3: 01a0d000 CR4: 001407e0
> > DR0: DR1: DR2:
> > DR3: DR6: 0ff0 DR7: 0400
> > Process nfsd (pid: 19567, threadinfo 880181098000, task
> > 8801810900c0)
> > Stack:
> > fffe 88020b75d200 880181099c58 a060c75c
> > 81a87280 880002ba7000 880181099cc8 a060cb37
> > 880181099d20 88014c819220 0001 88020b75d200
> > Call Trace:
> > [] legacy_recdir_name_error+0x3c/0x40 [nfsd]
> > [] nfsd4_create_clid_dir+0xe7/0x200 [nfsd]
> > [] ? nfs4_preprocess_seqid_op+0x63/0x160 [nfsd]
> > [] nfsd4_client_record_create+0x5f/0x80 [nfsd]
> > [] nfsd4_open_confirm+0x12f/0x1b0 [nfsd]
> > [] nfsd4_proc_compound+0x55f/0x770 [nfsd]
> > [] nfsd_dispatch+0xdd/0x220 [nfsd]
> > [] svc_process_common+0x328/0x6d0 [sunrpc]
> > [] svc_process+0x10c/0x160 [sunrpc]
> > [] nfsd+0xbf/0x130 [nfsd]
> > [] ? nfsd_destroy+0x90/0x90 [nfsd]
> > [] kthread+0xbb/0xc0
> > [] ? kthread_create_on_node+0x130/0x130
> > [] ret_from_fork+0x7c/0xb0
> > [] ? kthread_create_on_node+0x130/0x130
> > Code: e0 49 8b 84 24 48 01 00 00 e9 25 ff ff ff 66 0f 1f 44 00 00 55 48
> > 89 e5 41 54 49 89 fc 53 8b 1d 44 b4 00 00 e8 bb a9 a5 e0 85 db <49> 8b 84
> > 24 a8 07 00 00 74 43 3b 18 77 3f 83 eb 01 48 63 db 48
> > RIP [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
> > RSP
> > CR2: 07a8
> > ---[ end trace 5dd4307598e98cef ]---
> >
> > This patch fixes it by passing the proper net instance instead of
> > NULL.
> >
> > Signed-off-by: Takashi Iwai
> > Cc: [v3.8+]
> > ---
> > fs/nfsd/nfs4recover.c | 11 +--
> > 1 file changed, 5 insertions(+), 6 deletions(-)
> > > > diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c > > index 899ca26..ae0d5c9 100644 > > --- a/fs/nfsd/nfs4recover.c > > +++ b/fs/nfsd/nfs4recover.c > > @@ -146,7 +146,7 @@ out_no_tfm: > > * then disable recovery tracking. > > */ > > static void > > -legacy_recdir_name_error(int error) > > +legacy_recdir_name_error(struct net *net, int error) > > { > > printk(KERN_ERR "NFSD: unable to generate recoverydir " > > "name (%d).\n", error); > > @@ -160,8 +160,7 @@ legacy_recdir_name_error(int error) > > printk(KERN_ERR "NFSD: disabling legacy clientid tracking. " > > "Reboot recovery will not function correctly!\n"); > > > > - /* the argument is ignored by the legacy exit function */ > > -
Re: [PATCH] nfsd4: Fix NULL dereference in legacy_recdir_name_error()
At Wed, 3 Apr 2013 14:24:10 -0400, J. Bruce Fields wrote: On Wed, Apr 03, 2013 at 06:27:26PM +0200, Takashi Iwai wrote: The recent rewrite of NFSv4 recovery client tracking options per net (commit 9a9c6478) introduced Oops when it faces an error for recdir generation. Thanks. Looks like that could hit a lot of people actually, so I'll pass that along for 3.9 soon.--b. Any chance for this to be merged in 3.9-final in time? thanks, Takashi NFSD: unable to generate recoverydir name (-2). NFSD: disabling legacy clientid tracking. Reboot recovery will not function correctly! BUG: unable to handle kernel NULL pointer dereference at 07a8 IP: [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] PGD 0 Oops: [#1] PREEMPT SMP Modules linked in: nfsd fuse nfsv3 nfs_acl nfsv4 auth_rpcgss nfs lockd sunrpc cpufreq_conservative cpufreq_userspace cpufreq_powersave snd_hda_codec_hdmi snd_hda_codec_realtek intel_powerclamp acpi_cpufreq mperf coretemp ghash_clmulni_intel aesni_intel kvm_intel snd_hda_intel ablk_helper snd_hda_codec snd_hwdep kvm snd_pcm cryptd lrw aes_x86_64 snd_timer xts gf128mul e1000e snd sr_mod iTCO_wdt microcode cdrom usb_storage dcdbas iTCO_vendor_support i2c_i801 cdc_acm sg ptp lpc_ich mei soundcore pps_core mfd_core snd_page_alloc pciehp pci_hotplug autofs4 btrfs raid6_pq zlib_deflate xor libcrc32c i915 crc32c_intel drm_kms_helper drm xhci_hcd i2c_algo_bit thermal button video processor thermal_sys scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh CPU 1 Pid: 19567, comm: nfsd Not tainted 3.9.0-rc5-test+ #3 Dell Inc. 
OptiPlex 9010/0M9KCM RIP: 0010:[a060c6c7] [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP: 0018:880181099c28 EFLAGS: 00010202 RAX: 8801810900c0 RBX: 0004 RCX: 0006 RDX: 0007 RSI: 0046 RDI: RBP: 880181099c38 R08: 000a R09: 039f R10: R11: 039e R12: R13: 81a87280 R14: 88014c819220 R15: 88020b75d200 FS: () GS:88021e24() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 07a8 CR3: 01a0d000 CR4: 001407e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Process nfsd (pid: 19567, threadinfo 880181098000, task 8801810900c0) Stack: fffe 88020b75d200 880181099c58 a060c75c 81a87280 880002ba7000 880181099cc8 a060cb37 880181099d20 88014c819220 0001 88020b75d200 Call Trace: [a060c75c] legacy_recdir_name_error+0x3c/0x40 [nfsd] [a060cb37] nfsd4_create_clid_dir+0xe7/0x200 [nfsd] [a0600323] ? nfs4_preprocess_seqid_op+0x63/0x160 [nfsd] [a060ccaf] nfsd4_client_record_create+0x5f/0x80 [nfsd] [a0604eef] nfsd4_open_confirm+0x12f/0x1b0 [nfsd] [a05f35cf] nfsd4_proc_compound+0x55f/0x770 [nfsd] [a05e0ded] nfsd_dispatch+0xdd/0x220 [nfsd] [a04e58b8] svc_process_common+0x328/0x6d0 [sunrpc] [a04e5fbc] svc_process+0x10c/0x160 [sunrpc] [a05e079f] nfsd+0xbf/0x130 [nfsd] [a05e06e0] ? nfsd_destroy+0x90/0x90 [nfsd] [8106a4cb] kthread+0xbb/0xc0 [8106a410] ? kthread_create_on_node+0x130/0x130 [815b373c] ret_from_fork+0x7c/0xb0 [8106a410] ? kthread_create_on_node+0x130/0x130 Code: e0 49 8b 84 24 48 01 00 00 e9 25 ff ff ff 66 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 fc 53 8b 1d 44 b4 00 00 e8 bb a9 a5 e0 85 db 49 8b 84 24 a8 07 00 00 74 43 3b 18 77 3f 83 eb 01 48 63 db 48 RIP [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP 880181099c28 CR2: 07a8 ---[ end trace 5dd4307598e98cef ]--- This patch fixes it by passing the proper net instance instead of NULL. Signed-off-by: Takashi Iwai ti...@suse.de Cc: sta...@vger.kernel.org [v3.8+] --- fs/nfsd/nfs4recover.c | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 899ca26..ae0d5c9 100644 
--- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -146,7 +146,7 @@ out_no_tfm: * then disable recovery tracking. */ static void -legacy_recdir_name_error(int error) +legacy_recdir_name_error(struct net *net, int error) { printk(KERN_ERR NFSD: unable to generate recoverydir name (%d).\n, error); @@ -160,8 +160,7 @@ legacy_recdir_name_error(int error) printk(KERN_ERR NFSD: disabling legacy clientid tracking.
Re: [PATCH] nfsd4: Fix NULL dereference in legacy_recdir_name_error()
On Mon, Apr 15, 2013 at 02:31:55PM +0200, Takashi Iwai wrote: At Wed, 3 Apr 2013 14:24:10 -0400, J. Bruce Fields wrote: On Wed, Apr 03, 2013 at 06:27:26PM +0200, Takashi Iwai wrote: The recent rewrite of NFSv4 recovery client tracking options per net (commit 9a9c6478) introduced Oops when it faces an error for recdir generation. Thanks. Looks like that could hit a lot of people actually, so I'll pass that along for 3.9 soon.--b. Any chance for this to be merged in 3.9-final in time? Apologies, I changed my mind: since the bug was already in 3.8, I decided maybe I was overestimating the scope of the problem. And we're very close to 3.9 now--so I'd rather wait till the merge window. Then it should be backported to 3.9.x fairly quickly. --b. thanks, Takashi NFSD: unable to generate recoverydir name (-2). NFSD: disabling legacy clientid tracking. Reboot recovery will not function correctly! BUG: unable to handle kernel NULL pointer dereference at 07a8 IP: [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] PGD 0 Oops: [#1] PREEMPT SMP Modules linked in: nfsd fuse nfsv3 nfs_acl nfsv4 auth_rpcgss nfs lockd sunrpc cpufreq_conservative cpufreq_userspace cpufreq_powersave snd_hda_codec_hdmi snd_hda_codec_realtek intel_powerclamp acpi_cpufreq mperf coretemp ghash_clmulni_intel aesni_intel kvm_intel snd_hda_intel ablk_helper snd_hda_codec snd_hwdep kvm snd_pcm cryptd lrw aes_x86_64 snd_timer xts gf128mul e1000e snd sr_mod iTCO_wdt microcode cdrom usb_storage dcdbas iTCO_vendor_support i2c_i801 cdc_acm sg ptp lpc_ich mei soundcore pps_core mfd_core snd_page_alloc pciehp pci_hotplug autofs4 btrfs raid6_pq zlib_deflate xor libcrc32c i915 crc32c_intel drm_kms_helper drm xhci_hcd i2c_algo_bit thermal button video processor thermal_sys scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh CPU 1 Pid: 19567, comm: nfsd Not tainted 3.9.0-rc5-test+ #3 Dell Inc. 
OptiPlex 9010/0M9KCM RIP: 0010:[a060c6c7] [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP: 0018:880181099c28 EFLAGS: 00010202 RAX: 8801810900c0 RBX: 0004 RCX: 0006 RDX: 0007 RSI: 0046 RDI: RBP: 880181099c38 R08: 000a R09: 039f R10: R11: 039e R12: R13: 81a87280 R14: 88014c819220 R15: 88020b75d200 FS: () GS:88021e24() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 07a8 CR3: 01a0d000 CR4: 001407e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Process nfsd (pid: 19567, threadinfo 880181098000, task 8801810900c0) Stack: fffe 88020b75d200 880181099c58 a060c75c 81a87280 880002ba7000 880181099cc8 a060cb37 880181099d20 88014c819220 0001 88020b75d200 Call Trace: [a060c75c] legacy_recdir_name_error+0x3c/0x40 [nfsd] [a060cb37] nfsd4_create_clid_dir+0xe7/0x200 [nfsd] [a0600323] ? nfs4_preprocess_seqid_op+0x63/0x160 [nfsd] [a060ccaf] nfsd4_client_record_create+0x5f/0x80 [nfsd] [a0604eef] nfsd4_open_confirm+0x12f/0x1b0 [nfsd] [a05f35cf] nfsd4_proc_compound+0x55f/0x770 [nfsd] [a05e0ded] nfsd_dispatch+0xdd/0x220 [nfsd] [a04e58b8] svc_process_common+0x328/0x6d0 [sunrpc] [a04e5fbc] svc_process+0x10c/0x160 [sunrpc] [a05e079f] nfsd+0xbf/0x130 [nfsd] [a05e06e0] ? nfsd_destroy+0x90/0x90 [nfsd] [8106a4cb] kthread+0xbb/0xc0 [8106a410] ? kthread_create_on_node+0x130/0x130 [815b373c] ret_from_fork+0x7c/0xb0 [8106a410] ? kthread_create_on_node+0x130/0x130 Code: e0 49 8b 84 24 48 01 00 00 e9 25 ff ff ff 66 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 fc 53 8b 1d 44 b4 00 00 e8 bb a9 a5 e0 85 db 49 8b 84 24 a8 07 00 00 74 43 3b 18 77 3f 83 eb 01 48 63 db 48 RIP [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP 880181099c28 CR2: 07a8 ---[ end trace 5dd4307598e98cef ]--- This patch fixes it by passing the proper net instance instead of NULL. Signed-off-by: Takashi Iwai ti...@suse.de Cc: sta...@vger.kernel.org [v3.8+] --- fs/nfsd/nfs4recover.c | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 899ca26..ae0d5c9 100644 
--- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -146,7
Re: [PATCH] nfsd4: Fix NULL dereference in legacy_recdir_name_error()
At Mon, 15 Apr 2013 09:06:14 -0400, J. Bruce Fields wrote: On Mon, Apr 15, 2013 at 02:31:55PM +0200, Takashi Iwai wrote: At Wed, 3 Apr 2013 14:24:10 -0400, J. Bruce Fields wrote: On Wed, Apr 03, 2013 at 06:27:26PM +0200, Takashi Iwai wrote: The recent rewrite of NFSv4 recovery client tracking options per net (commit 9a9c6478) introduced Oops when it faces an error for recdir generation. Thanks. Looks like that could hit a lot of people actually, so I'll pass that along for 3.9 soon.--b. Any chance for this to be merged in 3.9-final in time? Apologies, I changed my mind: since the bug was already in 3.8, I decided maybe I was overestimating the scope of the problem. And we're very close to 3.9 now--so I'd rather wait till the merge window. Then it should be backported to 3.9.x fairly quickly. OK, fair enough. thanks, Takashi --b. thanks, Takashi NFSD: unable to generate recoverydir name (-2). NFSD: disabling legacy clientid tracking. Reboot recovery will not function correctly! BUG: unable to handle kernel NULL pointer dereference at 07a8 IP: [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] PGD 0 Oops: [#1] PREEMPT SMP Modules linked in: nfsd fuse nfsv3 nfs_acl nfsv4 auth_rpcgss nfs lockd sunrpc cpufreq_conservative cpufreq_userspace cpufreq_powersave snd_hda_codec_hdmi snd_hda_codec_realtek intel_powerclamp acpi_cpufreq mperf coretemp ghash_clmulni_intel aesni_intel kvm_intel snd_hda_intel ablk_helper snd_hda_codec snd_hwdep kvm snd_pcm cryptd lrw aes_x86_64 snd_timer xts gf128mul e1000e snd sr_mod iTCO_wdt microcode cdrom usb_storage dcdbas iTCO_vendor_support i2c_i801 cdc_acm sg ptp lpc_ich mei soundcore pps_core mfd_core snd_page_alloc pciehp pci_hotplug autofs4 btrfs raid6_pq zlib_deflate xor libcrc32c i915 crc32c_intel drm_kms_helper drm xhci_hcd i2c_algo_bit thermal button video processor thermal_sys scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh CPU 1 Pid: 19567, comm: nfsd Not tainted 3.9.0-rc5-test+ #3 Dell Inc. 
OptiPlex 9010/0M9KCM RIP: 0010:[a060c6c7] [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP: 0018:880181099c28 EFLAGS: 00010202 RAX: 8801810900c0 RBX: 0004 RCX: 0006 RDX: 0007 RSI: 0046 RDI: RBP: 880181099c38 R08: 000a R09: 039f R10: R11: 039e R12: R13: 81a87280 R14: 88014c819220 R15: 88020b75d200 FS: () GS:88021e24() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 07a8 CR3: 01a0d000 CR4: 001407e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Process nfsd (pid: 19567, threadinfo 880181098000, task 8801810900c0) Stack: fffe 88020b75d200 880181099c58 a060c75c 81a87280 880002ba7000 880181099cc8 a060cb37 880181099d20 88014c819220 0001 88020b75d200 Call Trace: [a060c75c] legacy_recdir_name_error+0x3c/0x40 [nfsd] [a060cb37] nfsd4_create_clid_dir+0xe7/0x200 [nfsd] [a0600323] ? nfs4_preprocess_seqid_op+0x63/0x160 [nfsd] [a060ccaf] nfsd4_client_record_create+0x5f/0x80 [nfsd] [a0604eef] nfsd4_open_confirm+0x12f/0x1b0 [nfsd] [a05f35cf] nfsd4_proc_compound+0x55f/0x770 [nfsd] [a05e0ded] nfsd_dispatch+0xdd/0x220 [nfsd] [a04e58b8] svc_process_common+0x328/0x6d0 [sunrpc] [a04e5fbc] svc_process+0x10c/0x160 [sunrpc] [a05e079f] nfsd+0xbf/0x130 [nfsd] [a05e06e0] ? nfsd_destroy+0x90/0x90 [nfsd] [8106a4cb] kthread+0xbb/0xc0 [8106a410] ? kthread_create_on_node+0x130/0x130 [815b373c] ret_from_fork+0x7c/0xb0 [8106a410] ? kthread_create_on_node+0x130/0x130 Code: e0 49 8b 84 24 48 01 00 00 e9 25 ff ff ff 66 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 fc 53 8b 1d 44 b4 00 00 e8 bb a9 a5 e0 85 db 49 8b 84 24 a8 07 00 00 74 43 3b 18 77 3f 83 eb 01 48 63 db 48 RIP [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP 880181099c28 CR2: 07a8 ---[ end trace 5dd4307598e98cef ]--- This patch fixes it by passing the proper net instance instead of NULL. Signed-off-by: Takashi Iwai ti...@suse.de Cc: sta...@vger.kernel.org [v3.8+] --- fs/nfsd/nfs4recover.c | 11 +-- 1 file changed, 5
Re: [PATCH] nfsd4: Fix NULL dereference in legacy_recdir_name_error()
On Wed, Apr 03, 2013 at 06:27:26PM +0200, Takashi Iwai wrote:
> The recent rewrite of NFSv4 recovery client tracking options per net
> (commit 9a9c6478) introduced Oops when it faces an error for recdir
> generation.

Thanks. Looks like that could hit a lot of people actually, so I'll
pass that along for 3.9 soon.--b.

>
> NFSD: unable to generate recoverydir name (-2).
> NFSD: disabling legacy clientid tracking. Reboot recovery will not function
> correctly!
> BUG: unable to handle kernel NULL pointer dereference at 07a8
> IP: [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
> PGD 0
> Oops: [#1] PREEMPT SMP
> Modules linked in: nfsd fuse nfsv3 nfs_acl nfsv4 auth_rpcgss nfs lockd
> sunrpc cpufreq_conservative cpufreq_userspace cpufreq_powersave
> snd_hda_codec_hdmi snd_hda_codec_realtek intel_powerclamp acpi_cpufreq mperf
> coretemp ghash_clmulni_intel aesni_intel kvm_intel snd_hda_intel ablk_helper
> snd_hda_codec snd_hwdep kvm snd_pcm cryptd lrw aes_x86_64 snd_timer xts
> gf128mul e1000e snd sr_mod iTCO_wdt microcode cdrom usb_storage dcdbas
> iTCO_vendor_support i2c_i801 cdc_acm sg ptp lpc_ich mei soundcore pps_core
> mfd_core snd_page_alloc pciehp pci_hotplug autofs4 btrfs raid6_pq
> zlib_deflate xor libcrc32c i915 crc32c_intel drm_kms_helper drm xhci_hcd
> i2c_algo_bit thermal button video processor thermal_sys scsi_dh_rdac
> scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh
> CPU 1
> Pid: 19567, comm: nfsd Not tainted 3.9.0-rc5-test+ #3 Dell Inc.
OptiPlex > 9010/0M9KCM > RIP: 0010:[] [] > nfsd4_client_tracking_exit+0x17/0x70 [nfsd] > RSP: 0018:880181099c28 EFLAGS: 00010202 > RAX: 8801810900c0 RBX: 0004 RCX: 0006 > RDX: 0007 RSI: 0046 RDI: > RBP: 880181099c38 R08: 000a R09: 039f > R10: R11: 039e R12: > R13: 81a87280 R14: 88014c819220 R15: 88020b75d200 > FS: () GS:88021e24() knlGS: > CS: 0010 DS: ES: CR0: 80050033 > CR2: 07a8 CR3: 01a0d000 CR4: 001407e0 > DR0: DR1: DR2: > DR3: DR6: 0ff0 DR7: 0400 > Process nfsd (pid: 19567, threadinfo 880181098000, task > 8801810900c0) > Stack: >fffe 88020b75d200 880181099c58 a060c75c >81a87280 880002ba7000 880181099cc8 a060cb37 >880181099d20 88014c819220 0001 88020b75d200 > Call Trace: >[] legacy_recdir_name_error+0x3c/0x40 [nfsd] >[] nfsd4_create_clid_dir+0xe7/0x200 [nfsd] >[] ? nfs4_preprocess_seqid_op+0x63/0x160 [nfsd] >[] nfsd4_client_record_create+0x5f/0x80 [nfsd] >[] nfsd4_open_confirm+0x12f/0x1b0 [nfsd] >[] nfsd4_proc_compound+0x55f/0x770 [nfsd] >[] nfsd_dispatch+0xdd/0x220 [nfsd] >[] svc_process_common+0x328/0x6d0 [sunrpc] >[] svc_process+0x10c/0x160 [sunrpc] >[] nfsd+0xbf/0x130 [nfsd] >[] ? nfsd_destroy+0x90/0x90 [nfsd] >[] kthread+0xbb/0xc0 >[] ? kthread_create_on_node+0x130/0x130 >[] ret_from_fork+0x7c/0xb0 >[] ? kthread_create_on_node+0x130/0x130 > Code: e0 49 8b 84 24 48 01 00 00 e9 25 ff ff ff 66 0f 1f 44 00 00 55 48 89 > e5 41 54 49 89 fc 53 8b 1d 44 b4 00 00 e8 bb a9 a5 e0 85 db <49> 8b 84 24 a8 > 07 00 00 74 43 3b 18 77 3f 83 eb 01 48 63 db 48 > RIP [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] >RSP > CR2: 07a8 > ---[ end trace 5dd4307598e98cef ]--- > > This patch fixes it by passing the proper net instance instead of > NULL. > > Signed-off-by: Takashi Iwai > Cc: [v3.8+] > --- > fs/nfsd/nfs4recover.c | 11 +-- > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c > index 899ca26..ae0d5c9 100644 > --- a/fs/nfsd/nfs4recover.c > +++ b/fs/nfsd/nfs4recover.c 
> @@ -146,7 +146,7 @@ out_no_tfm: > * then disable recovery tracking. > */ > static void > -legacy_recdir_name_error(int error) > +legacy_recdir_name_error(struct net *net, int error) > { > printk(KERN_ERR "NFSD: unable to generate recoverydir " > "name (%d).\n", error); > @@ -160,8 +160,7 @@ legacy_recdir_name_error(int error) > printk(KERN_ERR "NFSD: disabling legacy clientid tracking. " > "Reboot recovery will not function correctly!\n"); > > - /* the argument is ignored by the legacy exit function */ > - nfsd4_client_tracking_exit(NULL); > + nfsd4_client_tracking_exit(net); > } > } > > @@ -184,7 +183,7 @@ nfsd4_create_clid_dir(struct nfs4_client *clp) > > status = nfs4_make_rec_clidname(dname, >cl_name); > if (status) > - return legacy_recdir_name_error(status); > +
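Review bot: in the "@@ -160,8 +160,7" hunk, the deleted comment ("the argument is ignored by the legacy exit function") was the only statement of what nfsd4_client_tracking_exit() expects from its argument, and it is removed with nothing in its place. The oops quoted above shows the assumption had stopped holding: the fault is at nfsd4_client_tracking_exit+0x17 with CR2 at 07a8, a small offset from a NULL base. Consider adding a line to the header comment of legacy_recdir_name_error() saying that net must be the client's net namespace and must not be NULL, so a later caller does not reintroduce the NULL argument.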
[PATCH] nfsd4: Fix NULL dereference in legacy_recdir_name_error()
The recent rewrite of NFSv4 recovery client tracking options per net (commit 9a9c6478) introduced Oops when it faces an error for recdir generation. NFSD: unable to generate recoverydir name (-2). NFSD: disabling legacy clientid tracking. Reboot recovery will not function correctly! BUG: unable to handle kernel NULL pointer dereference at 07a8 IP: [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] PGD 0 Oops: [#1] PREEMPT SMP Modules linked in: nfsd fuse nfsv3 nfs_acl nfsv4 auth_rpcgss nfs lockd sunrpc cpufreq_conservative cpufreq_userspace cpufreq_powersave snd_hda_codec_hdmi snd_hda_codec_realtek intel_powerclamp acpi_cpufreq mperf coretemp ghash_clmulni_intel aesni_intel kvm_intel snd_hda_intel ablk_helper snd_hda_codec snd_hwdep kvm snd_pcm cryptd lrw aes_x86_64 snd_timer xts gf128mul e1000e snd sr_mod iTCO_wdt microcode cdrom usb_storage dcdbas iTCO_vendor_support i2c_i801 cdc_acm sg ptp lpc_ich mei soundcore pps_core mfd_core snd_page_alloc pciehp pci_hotplug autofs4 btrfs raid6_pq zlib_deflate xor libcrc32c i915 crc32c_intel drm_kms_helper drm xhci_hcd i2c_algo_bit thermal button video processor thermal_sys scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh CPU 1 Pid: 19567, comm: nfsd Not tainted 3.9.0-rc5-test+ #3 Dell Inc. OptiPlex 9010/0M9KCM RIP: 0010:[] [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP: 0018:880181099c28 EFLAGS: 00010202 RAX: 8801810900c0 RBX: 0004 RCX: 0006 RDX: 0007 RSI: 0046 RDI: RBP: 880181099c38 R08: 000a R09: 039f R10: R11: 039e R12: R13: 81a87280 R14: 88014c819220 R15: 88020b75d200 FS: () GS:88021e24() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 07a8 CR3: 01a0d000 CR4: 001407e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Process nfsd (pid: 19567, threadinfo 880181098000, task 8801810900c0) Stack: fffe 88020b75d200 880181099c58 a060c75c 81a87280 880002ba7000 880181099cc8 a060cb37 880181099d20 88014c819220 0001 88020b75d200 Call Trace: [] legacy_recdir_name_error+0x3c/0x40 [nfsd] [] nfsd4_create_clid_dir+0xe7/0x200 [nfsd] [] ? 
nfs4_preprocess_seqid_op+0x63/0x160 [nfsd] [] nfsd4_client_record_create+0x5f/0x80 [nfsd] [] nfsd4_open_confirm+0x12f/0x1b0 [nfsd] [] nfsd4_proc_compound+0x55f/0x770 [nfsd] [] nfsd_dispatch+0xdd/0x220 [nfsd] [] svc_process_common+0x328/0x6d0 [sunrpc] [] svc_process+0x10c/0x160 [sunrpc] [] nfsd+0xbf/0x130 [nfsd] [] ? nfsd_destroy+0x90/0x90 [nfsd] [] kthread+0xbb/0xc0 [] ? kthread_create_on_node+0x130/0x130 [] ret_from_fork+0x7c/0xb0 [] ? kthread_create_on_node+0x130/0x130 Code: e0 49 8b 84 24 48 01 00 00 e9 25 ff ff ff 66 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 fc 53 8b 1d 44 b4 00 00 e8 bb a9 a5 e0 85 db <49> 8b 84 24 a8 07 00 00 74 43 3b 18 77 3f 83 eb 01 48 63 db 48 RIP [] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP CR2: 07a8 ---[ end trace 5dd4307598e98cef ]--- This patch fixes it by passing the proper net instance instead of NULL. Signed-off-by: Takashi Iwai Cc: [v3.8+] --- fs/nfsd/nfs4recover.c | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 899ca26..ae0d5c9 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -146,7 +146,7 @@ out_no_tfm: * then disable recovery tracking. */ static void -legacy_recdir_name_error(int error) +legacy_recdir_name_error(struct net *net, int error) { printk(KERN_ERR "NFSD: unable to generate recoverydir " "name (%d).\n", error); @@ -160,8 +160,7 @@ legacy_recdir_name_error(int error) printk(KERN_ERR "NFSD: disabling legacy clientid tracking. " "Reboot recovery will not function correctly!\n"); - /* the argument is ignored by the legacy exit function */ - nfsd4_client_tracking_exit(NULL); + nfsd4_client_tracking_exit(net); } } @@ -184,7 +183,7 @@ nfsd4_create_clid_dir(struct nfs4_client *clp) status = nfs4_make_rec_clidname(dname, >cl_name); if (status) - return legacy_recdir_name_error(status); + return legacy_recdir_name_error(clp->net, status); status = nfs4_save_creds(_cred); if (status < 0) 
@@ -341,7 +340,7 @@ nfsd4_remove_clid_dir(struct nfs4_client *clp) status = nfs4_make_rec_clidname(dname, >cl_name); if (status) - return legacy_recdir_name_error(status); + return
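Review bot: the call site in the @@ -184 hunk, `return legacy_recdir_name_error(clp->net, status);`, now depends on clp->net being valid whenever nfs4_make_rec_clidname() fails, and neither the hunk nor the changelog says where that field is set. Either state in the changelog that clp->net is assigned before a client can reach nfsd4_create_clid_dir() and nfsd4_remove_clid_dir(), or have legacy_recdir_name_error() take clp and read clp->net itself so the dependency sits in one place instead of at every caller.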
[PATCH] nfsd4: Fix NULL dereference in legacy_recdir_name_error()
The recent rewrite of NFSv4 recovery client tracking options per net (commit 9a9c6478) introduced Oops when it faces an error for recdir generation.

NFSD: unable to generate recoverydir name (-2).
NFSD: disabling legacy clientid tracking. Reboot recovery will not function correctly!
BUG: unable to handle kernel NULL pointer dereference at 07a8
IP: [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
PGD 0
Oops: [#1] PREEMPT SMP
Modules linked in: nfsd fuse nfsv3 nfs_acl nfsv4 auth_rpcgss nfs lockd sunrpc cpufreq_conservative cpufreq_userspace cpufreq_powersave snd_hda_codec_hdmi snd_hda_codec_realtek intel_powerclamp acpi_cpufreq mperf coretemp ghash_clmulni_intel aesni_intel kvm_intel snd_hda_intel ablk_helper snd_hda_codec snd_hwdep kvm snd_pcm cryptd lrw aes_x86_64 snd_timer xts gf128mul e1000e snd sr_mod iTCO_wdt microcode cdrom usb_storage dcdbas iTCO_vendor_support i2c_i801 cdc_acm sg ptp lpc_ich mei soundcore pps_core mfd_core snd_page_alloc pciehp pci_hotplug autofs4 btrfs raid6_pq zlib_deflate xor libcrc32c i915 crc32c_intel drm_kms_helper drm xhci_hcd i2c_algo_bit thermal button video processor thermal_sys scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh
CPU 1
Pid: 19567, comm: nfsd Not tainted 3.9.0-rc5-test+ #3 Dell Inc.
OptiPlex 9010/0M9KCM RIP: 0010:[a060c6c7] [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP: 0018:880181099c28 EFLAGS: 00010202 RAX: 8801810900c0 RBX: 0004 RCX: 0006 RDX: 0007 RSI: 0046 RDI: RBP: 880181099c38 R08: 000a R09: 039f R10: R11: 039e R12: R13: 81a87280 R14: 88014c819220 R15: 88020b75d200 FS: () GS:88021e24() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 07a8 CR3: 01a0d000 CR4: 001407e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Process nfsd (pid: 19567, threadinfo 880181098000, task 8801810900c0) Stack: fffe 88020b75d200 880181099c58 a060c75c 81a87280 880002ba7000 880181099cc8 a060cb37 880181099d20 88014c819220 0001 88020b75d200 Call Trace: [a060c75c] legacy_recdir_name_error+0x3c/0x40 [nfsd] [a060cb37] nfsd4_create_clid_dir+0xe7/0x200 [nfsd] [a0600323] ? nfs4_preprocess_seqid_op+0x63/0x160 [nfsd] [a060ccaf] nfsd4_client_record_create+0x5f/0x80 [nfsd] [a0604eef] nfsd4_open_confirm+0x12f/0x1b0 [nfsd] [a05f35cf] nfsd4_proc_compound+0x55f/0x770 [nfsd] [a05e0ded] nfsd_dispatch+0xdd/0x220 [nfsd] [a04e58b8] svc_process_common+0x328/0x6d0 [sunrpc] [a04e5fbc] svc_process+0x10c/0x160 [sunrpc] [a05e079f] nfsd+0xbf/0x130 [nfsd] [a05e06e0] ? nfsd_destroy+0x90/0x90 [nfsd] [8106a4cb] kthread+0xbb/0xc0 [8106a410] ? kthread_create_on_node+0x130/0x130 [815b373c] ret_from_fork+0x7c/0xb0 [8106a410] ? kthread_create_on_node+0x130/0x130 Code: e0 49 8b 84 24 48 01 00 00 e9 25 ff ff ff 66 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 fc 53 8b 1d 44 b4 00 00 e8 bb a9 a5 e0 85 db 49 8b 84 24 a8 07 00 00 74 43 3b 18 77 3f 83 eb 01 48 63 db 48 RIP [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP 880181099c28 CR2: 07a8 ---[ end trace 5dd4307598e98cef ]--- This patch fixes it by passing the proper net instance instead of NULL. Signed-off-by: Takashi Iwai ti...@suse.de Cc: sta...@vger.kernel.org [v3.8+] --- fs/nfsd/nfs4recover.c | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 899ca26..ae0d5c9 100644 
--- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -146,7 +146,7 @@ out_no_tfm: * then disable recovery tracking. */ static void -legacy_recdir_name_error(int error) +legacy_recdir_name_error(struct net *net, int error) { printk(KERN_ERR NFSD: unable to generate recoverydir name (%d).\n, error); @@ -160,8 +160,7 @@ legacy_recdir_name_error(int error) printk(KERN_ERR NFSD: disabling legacy clientid tracking. Reboot recovery will not function correctly!\n); - /* the argument is ignored by the legacy exit function */ - nfsd4_client_tracking_exit(NULL); + nfsd4_client_tracking_exit(net); } } @@ -184,7 +183,7 @@ nfsd4_create_clid_dir(struct nfs4_client *clp) status = nfs4_make_rec_clidname(dname, clp-cl_name); if (status) - return legacy_recdir_name_error(status); + return
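Review bot: the comment block above legacy_recdir_name_error() in the @@ -146 hunk (ending "then disable recovery tracking.") is left as it was while the signature gains `struct net *net`, so the new parameter is undocumented. Add a sentence there saying that tracking is disabled for the passed net namespace, which also makes it obvious to later callers that NULL is not an acceptable value.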
Re: [PATCH] nfsd4: Fix NULL dereference in legacy_recdir_name_error()
On Wed, Apr 03, 2013 at 06:27:26PM +0200, Takashi Iwai wrote:

The recent rewrite of NFSv4 recovery client tracking options per net (commit 9a9c6478) introduced Oops when it faces an error for recdir generation.

Thanks. Looks like that could hit a lot of people actually, so I'll pass that along for 3.9 soon.

--b.

NFSD: unable to generate recoverydir name (-2).
NFSD: disabling legacy clientid tracking. Reboot recovery will not function correctly!
BUG: unable to handle kernel NULL pointer dereference at 07a8
IP: [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd]
PGD 0
Oops: [#1] PREEMPT SMP
Modules linked in: nfsd fuse nfsv3 nfs_acl nfsv4 auth_rpcgss nfs lockd sunrpc cpufreq_conservative cpufreq_userspace cpufreq_powersave snd_hda_codec_hdmi snd_hda_codec_realtek intel_powerclamp acpi_cpufreq mperf coretemp ghash_clmulni_intel aesni_intel kvm_intel snd_hda_intel ablk_helper snd_hda_codec snd_hwdep kvm snd_pcm cryptd lrw aes_x86_64 snd_timer xts gf128mul e1000e snd sr_mod iTCO_wdt microcode cdrom usb_storage dcdbas iTCO_vendor_support i2c_i801 cdc_acm sg ptp lpc_ich mei soundcore pps_core mfd_core snd_page_alloc pciehp pci_hotplug autofs4 btrfs raid6_pq zlib_deflate xor libcrc32c i915 crc32c_intel drm_kms_helper drm xhci_hcd i2c_algo_bit thermal button video processor thermal_sys scsi_dh_rdac scsi_dh_hp_sw scsi_dh_emc scsi_dh_alua scsi_dh
CPU 1
Pid: 19567, comm: nfsd Not tainted 3.9.0-rc5-test+ #3 Dell Inc.
OptiPlex 9010/0M9KCM RIP: 0010:[a060c6c7] [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP: 0018:880181099c28 EFLAGS: 00010202 RAX: 8801810900c0 RBX: 0004 RCX: 0006 RDX: 0007 RSI: 0046 RDI: RBP: 880181099c38 R08: 000a R09: 039f R10: R11: 039e R12: R13: 81a87280 R14: 88014c819220 R15: 88020b75d200 FS: () GS:88021e24() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 07a8 CR3: 01a0d000 CR4: 001407e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Process nfsd (pid: 19567, threadinfo 880181098000, task 8801810900c0) Stack: fffe 88020b75d200 880181099c58 a060c75c 81a87280 880002ba7000 880181099cc8 a060cb37 880181099d20 88014c819220 0001 88020b75d200 Call Trace: [a060c75c] legacy_recdir_name_error+0x3c/0x40 [nfsd] [a060cb37] nfsd4_create_clid_dir+0xe7/0x200 [nfsd] [a0600323] ? nfs4_preprocess_seqid_op+0x63/0x160 [nfsd] [a060ccaf] nfsd4_client_record_create+0x5f/0x80 [nfsd] [a0604eef] nfsd4_open_confirm+0x12f/0x1b0 [nfsd] [a05f35cf] nfsd4_proc_compound+0x55f/0x770 [nfsd] [a05e0ded] nfsd_dispatch+0xdd/0x220 [nfsd] [a04e58b8] svc_process_common+0x328/0x6d0 [sunrpc] [a04e5fbc] svc_process+0x10c/0x160 [sunrpc] [a05e079f] nfsd+0xbf/0x130 [nfsd] [a05e06e0] ? nfsd_destroy+0x90/0x90 [nfsd] [8106a4cb] kthread+0xbb/0xc0 [8106a410] ? kthread_create_on_node+0x130/0x130 [815b373c] ret_from_fork+0x7c/0xb0 [8106a410] ? kthread_create_on_node+0x130/0x130 Code: e0 49 8b 84 24 48 01 00 00 e9 25 ff ff ff 66 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 fc 53 8b 1d 44 b4 00 00 e8 bb a9 a5 e0 85 db 49 8b 84 24 a8 07 00 00 74 43 3b 18 77 3f 83 eb 01 48 63 db 48 RIP [a060c6c7] nfsd4_client_tracking_exit+0x17/0x70 [nfsd] RSP 880181099c28 CR2: 07a8 ---[ end trace 5dd4307598e98cef ]--- This patch fixes it by passing the proper net instance instead of NULL. Signed-off-by: Takashi Iwai ti...@suse.de Cc: sta...@vger.kernel.org [v3.8+] --- fs/nfsd/nfs4recover.c | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 899ca26..ae0d5c9 100644 
--- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -146,7 +146,7 @@ out_no_tfm: * then disable recovery tracking. */ static void -legacy_recdir_name_error(int error) +legacy_recdir_name_error(struct net *net, int error) { printk(KERN_ERR NFSD: unable to generate recoverydir name (%d).\n, error); @@ -160,8 +160,7 @@ legacy_recdir_name_error(int error) printk(KERN_ERR NFSD: disabling legacy clientid tracking. Reboot recovery will not function correctly!\n); - /* the argument is ignored by the legacy exit function */ - nfsd4_client_tracking_exit(NULL); + nfsd4_client_tracking_exit(net);
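Review bot: the @@ -160 hunk deletes the comment "the argument is ignored by the legacy exit function" without recording why that assumption failed. The trace in the changelog faults at nfsd4_client_tracking_exit+0x17, called directly from legacy_recdir_name_error(), so the NULL is dereferenced in nfsd4_client_tracking_exit() itself and not in the legacy exit op the old comment was talking about. Say so in the changelog, or leave a one-line comment at the call noting that nfsd4_client_tracking_exit() uses its net argument, so the NULL shortcut is not reintroduced later.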