NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client
---Steps to Reproduce--
<nfs-server>
# cat /etc/exports
/nfs/referal *(rw,insecure,no_subtree_check,no_root_squash,crossmnt)
/nfs/old *(ro,insecure,subtree_check,root_squash,crossmnt)
<nfs-client>
# mount -t nfs nfs-server:/nfs/ /mnt/
# ll /mnt/*/
<nfs-server>
# cat /etc/exports
/nfs/referal *(rw,insecure,no_subtree_check,no_root_squash,crossmnt,refer=/nfs/old/@nfs-server)
/nfs/old *(ro,insecure,subtree_check,root_squash,crossmnt)
# service nfs restart
<nfs-client>
# ll /mnt/*/ --->>>>> oops here
[ 5123.102925] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 5123.103363] IP: [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
[ 5123.103752] PGD 587b9067 PUD 3cbf5067 PMD 0
[ 5123.104131] Oops: 0000 [#1]
[ 5123.104529] Modules linked in: nfsv4(OE) nfs(OE) fscache(E) nfsd(OE) xfs libcrc32c iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ppdev vmw_balloon parport_pc parport i2c_piix4 shpchp auth_rpcgss nfs_acl vmw_vmci lockd grace sunrpc vmwgfx drm_kms_helper ttm drm mptspi serio_raw scsi_transport_spi e1000 mptscsih mptbase ata_generic pata_acpi [last unloaded: nfsd]
[ 5123.105887] CPU: 0 PID: 15853 Comm: ::1-manager Tainted: G OE 4.2.0-rc6+ #214
[ 5123.106358] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
[ 5123.106860] task: ffff88007620f300 ti: ffff88005877c000 task.ti: ffff88005877c000
[ 5123.107363] RIP: 0010:[<ffffffffa03ed38b>] [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
[ 5123.107909] RSP: 0018:ffff88005877fdb8 EFLAGS: 00010246
[ 5123.108435] RAX: ffff880053f3bc00 RBX: ffff88006ce6c908 RCX: ffff880053a0d240
[ 5123.108968] RDX: ffffea0000e6d940 RSI: ffff8800399a0000 RDI: ffff88006ce6c908
[ 5123.109503] RBP: ffff88005877fe28 R08: ffffffff81c708a0 R09: 0000000000000000
[ 5123.110045] R10: 00000000000001a2 R11: ffff88003ba7f5c8 R12: ffff880054c55800
[ 5123.110618] R13: 0000000000000000 R14: ffff880053a0d240 R15: ffff880053a0d240
[ 5123.111169] FS: 0000000000000000(0000) GS:ffffffff81c27000(0000) knlGS:0000000000000000
[ 5123.111726] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5123.112286] CR2: 0000000000000000 CR3: 0000000054cac000 CR4: 00000000001406f0
[ 5123.112888] Stack:
[ 5123.113458]  ffffea0000e6d940 ffff8800399a0000 00000000000167d0 0000000000000000
[ 5123.114049]  0000000000000000 0000000000000000 0000000000000000 00000000a7ec82c6
[ 5123.114662]  ffff88005877fe18 ffffea0000e6d940 ffff8800399a0000 ffff880054c55800
[ 5123.115264] Call Trace:
[ 5123.115868]  [<ffffffffa03fb44b>] nfs4_try_migration+0xbb/0x220 [nfsv4]
[ 5123.116487]  [<ffffffffa03fcb3b>] nfs4_run_state_manager+0x4ab/0x7b0 [nfsv4]
[ 5123.117104]  [<ffffffffa03fc690>] ? nfs4_do_reclaim+0x510/0x510 [nfsv4]
[ 5123.117813]  [<ffffffff810a4527>] kthread+0xd7/0xf0
[ 5123.118456]  [<ffffffff810a4450>] ? kthread_worker_fn+0x160/0x160
[ 5123.119108]  [<ffffffff816d9cdf>] ret_from_fork+0x3f/0x70
[ 5123.119723]  [<ffffffff810a4450>] ? kthread_worker_fn+0x160/0x160
[ 5123.120329] Code: 4c 8b 6a 58 74 17 eb 52 48 8d 55 a8 89 c6 4c 89 e7 e8 4a b5 ff ff 8b 45 b0 85 c0 74 1c 4c 89 f9 48 8b 55 90 48 8b 75 98 48 89 df <41> ff 55 00 3d e8 d8 ff ff 41 89 c6 74 cf 48 8b 4d c8 65 48 33
[ 5123.121643] RIP  [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
[ 5123.122308]  RSP <ffff88005877fdb8>
[ 5123.122942] CR2: 0000000000000000
Fixes: ec011fe847 ("NFS: Introduce a vector of migration recovery ops")
Cc: stable@vger.kernel.org # v3.13+
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>