(parent: 7e3fcf6)
Fixing oops in callback path
author Olga Kornievskaia <kolga@netapp.com> Tue, 10 May 2016 20:57:41 +0000 (16:57 -0400)
committer Anna Schumaker <Anna.Schumaker@Netapp.com> Tue, 17 May 2016 19:45:00 +0000 (15:45 -0400)
Commit 80f9642724af5 ("NFSv4.x: Enforce the ca_maxreponsesize_cached
on the back channel") causes an oops when it receives a callback with
cachethis=yes.
[ 109.667378] BUG: unable to handle kernel NULL pointer dereference at 00000000000002c8
[ 109.669476] IP: [<ffffffffa08a3e68>] nfs4_callback_compound+0x4f8/0x690 [nfsv4]
[ 109.671216] PGD 0
[ 109.671736] Oops: 0000 [#1] SMP
[ 109.705427] CPU: 1 PID: 3579 Comm: nfsv4.1-svc Not tainted 4.5.0-rc1+ #1
[ 109.706987] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
[ 109.709468] task: ffff8800b4408000 ti: ffff88008448c000 task.ti: ffff88008448c000
[ 109.711207] RIP: 0010:[<ffffffffa08a3e68>] [<ffffffffa08a3e68>] nfs4_callback_compound+0x4f8/0x690 [nfsv4]
[ 109.713521] RSP: 0018:ffff88008448fca0 EFLAGS: 00010286
[ 109.714762] RAX: ffff880081ee202c RBX: ffff8800b7b5b600 RCX: 0000000000000001
[ 109.716427] RDX: 0000000000000008 RSI: 0000000000000008 RDI: 0000000000000000
[ 109.718091] RBP: ffff88008448fda8 R08: 0000000000000000 R09: 000000000b000000
[ 109.719757] R10: ffff880137786000 R11: ffff8800b7b5b600 R12: 0000000001000000
[ 109.721415] R13: 0000000000000002 R14: 0000000053270000 R15: 000000000000000b
[ 109.723061] FS: 0000000000000000(0000) GS:ffff880139640000(0000) knlGS:0000000000000000
[ 109.724931] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.726278] CR2: 00000000000002c8 CR3: 0000000034d50000 CR4: 00000000001406e0
[ 109.727972] Stack:
[ 109.728465] ffff880081ee202c ffff880081ee201c 000000008448fcc0 ffff8800baccb800
[ 109.730349] ffff8800baccc800 ffffffffa08d0380 0000000000000000 0000000000000000
[ 109.732211] ffff8800b7b5b600 0000000000000001 ffffffff81d073c0 ffff880081ee3090
[ 109.734056] Call Trace:
[ 109.734657] [<ffffffffa03795d4>] svc_process_common+0x5c4/0x6c0 [sunrpc]
[ 109.736267] [<ffffffffa0379a4c>] bc_svc_process+0x1fc/0x360 [sunrpc]
[ 109.737775] [<ffffffffa08a2c2c>] nfs41_callback_svc+0x10c/0x1d0 [nfsv4]
[ 109.739335] [<ffffffff810cb380>] ? prepare_to_wait_event+0xf0/0xf0
[ 109.740799] [<ffffffffa08a2b20>] ? nfs4_callback_svc+0x50/0x50 [nfsv4]
[ 109.742349] [<ffffffff810a6998>] kthread+0xd8/0xf0
[ 109.743495] [<ffffffff810a68c0>] ? kthread_park+0x60/0x60
[ 109.744776] [<ffffffff816abc4f>] ret_from_fork+0x3f/0x70
[ 109.746037] [<ffffffff810a68c0>] ? kthread_park+0x60/0x60
[ 109.747324] Code: cc 45 31 f6 48 8b 85 00 ff ff ff 44 89 30 48 8b 85 f8 fe ff ff 44 89 20 48 8b 9d 38 ff ff ff 48 8b bd 30 ff ff ff 48 85 db 74 4c <4c> 8b af c8 02 00 00 4d 8d a5 08 02 00 00 49 81 c5 98 02 00 00
[ 109.754361] RIP [<ffffffffa08a3e68>] nfs4_callback_compound+0x4f8/0x690 [nfsv4]
[ 109.756123] RSP <ffff88008448fca0>
[ 109.756951] CR2: 00000000000002c8
[ 109.757738] ---[ end trace 2b8555511ab5dfb4 ]---
[ 109.758819] Kernel panic - not syncing: Fatal exception
[ 109.760126] Kernel Offset: disabled
[ 118.938934] ---[ end Kernel panic - not syncing: Fatal exception
It doesn't unlock the table nor does it set the cps->clp pointer which
is later needed by nfs4_cb_free_slot().
Fixes: 80f9642724af5 ("NFSv4.x: Enforce the ca_maxresponsesize_cached ...")
CC: stable@vger.kernel.org
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
fs/nfs/callback_proc.c
diff --git
a/fs/nfs/callback_proc.c
b/fs/nfs/callback_proc.c
index 618ced381a1405ff7c31f704409781c7ef1e00f6..7c9fbf504f076a3df2990564ee22465a27e95bf2 100644
(file)
--- a/
fs/nfs/callback_proc.c
+++ b/
fs/nfs/callback_proc.c
@@
-500,8
+500,10
@@
__be32 nfs4_callback_sequence(struct cb_sequenceargs *args,
cps->slot = slot;
/* The ca_maxresponsesize_cached is 0 with no DRC */
- if (args->csa_cachethis != 0)
- return htonl(NFS4ERR_REP_TOO_BIG_TO_CACHE);
+ if (args->csa_cachethis != 0) {
+ status = htonl(NFS4ERR_REP_TOO_BIG_TO_CACHE);
+ goto out_unlock;
+ }
/*
* Check for pending referring calls. If a match is found, a
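Review bot: The new "goto out_unlock" under the csa_cachethis check relies on a label that lies outside this hunk's context, so the diff alone does not show that this path both releases the table lock and assigns cps->clp, the two things the commit message says the old early return skipped. Please confirm that out_unlock continues on to the cps->clp assignment rather than returning directly after the unlock; the oops (RDI of 0 with the fault at 00000000000002c8 in nfs4_callback_compound) is consistent with that pointer being left NULL. Since "cps->slot = slot;" is already set just above the check, it would also help to extend the existing comment to say that any exit after this point must leave through the unlock path, so a later bare return does not reintroduce the same crash.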