From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
alan@lxorguk.ukuu.org.uk,
Richard Ems <richard.ems@cape-horn-eng.com>,
Trond Myklebust <Trond.Myklebust@netapp.com>
Subject: [ 28/57] NFS: Fix Oopses in nfs_lookup_revalidate and nfs4_lookup_revalidate
Date: Wed, 14 Nov 2012 20:11:36 -0800 [thread overview]
Message-ID: <20121115040934.949746131@linuxfoundation.org> (raw)
In-Reply-To: <20121115040933.223998671@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <Trond.Myklebust@netapp.com>
[Fixed upstream as part of 0b728e1911c, but that's a much larger patch,
this is only the nfs portion backported as needed.]
Fix the following Oops in 3.5.1:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
IP: [<ffffffffa03789cd>] nfs_lookup_revalidate+0x2d/0x480 [nfs]
PGD 337c63067 PUD 0
Oops: 0000 [#1] SMP
CPU 5
Modules linked in: nfs fscache nfsd lockd nfs_acl auth_rpcgss sunrpc af_packet binfmt_misc cpufreq_conservative cpufreq_userspace cpufreq_powersave dm_mod acpi_cpufreq mperf coretemp gpio_ich kvm_intel joydev kvm ioatdma hid_generic igb lpc_ich i7core_edac edac_core ptp serio_raw dca pcspkr i2c_i801 mfd_core sg pps_core usbhid crc32c_intel microcode button autofs4 uhci_hcd ttm drm_kms_helper drm i2c_algo_bit sysimgblt sysfillrect syscopyarea ehci_hcd usbcore usb_common scsi_dh_rdac scsi_dh_emc scsi_dh_hp_sw scsi_dh_alua scsi_dh edd fan ata_piix thermal processor thermal_sys
Pid: 30431, comm: java Not tainted 3.5.1-2-default #1 Supermicro X8DTT/X8DTT
RIP: 0010:[<ffffffffa03789cd>] [<ffffffffa03789cd>] nfs_lookup_revalidate+0x2d/0x480 [nfs]
RSP: 0018:ffff8801b418bd38 EFLAGS: 00010292
RAX: 00000000fffffff6 RBX: ffff88032016d800 RCX: 0000000000000020
RDX: ffffffff00000000 RSI: 0000000000000000 RDI: ffff8801824a7b00
RBP: ffff8801b418bdf8 R08: 7fffff0034323030 R09: fffffffff04c03ed
R10: ffff8801824a7b00 R11: 0000000000000002 R12: ffff8801824a7b00
R13: ffff8801824a7b00 R14: 0000000000000000 R15: ffff8803201725d0
FS: 00002b53a46cb700(0000) GS:ffff88033fc20000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000038 CR3: 000000020a426000 CR4: 00000000000007e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process java (pid: 30431, threadinfo ffff8801b418a000, task ffff8801b5d20600)
Stack:
ffff8801b418be44 ffff88032016d800 ffff8801b418bdf8 0000000000000000
ffff8801824a7b00 ffff8801b418bdd7 ffff8803201725d0 ffffffff8116a9c0
ffff8801b5c38dc0 0000000000000007 ffff88032016d800 0000000000000000
Call Trace:
[<ffffffff8116a9c0>] lookup_dcache+0x80/0xe0
[<ffffffff8116aa43>] __lookup_hash+0x23/0x90
[<ffffffff8116b4a5>] lookup_one_len+0xc5/0x100
[<ffffffffa03869a3>] nfs_sillyrename+0xe3/0x210 [nfs]
[<ffffffff8116cadf>] vfs_unlink.part.25+0x7f/0xe0
[<ffffffff8116f22c>] do_unlinkat+0x1ac/0x1d0
[<ffffffff815717b9>] system_call_fastpath+0x16/0x1b
[<00002b5348b5f527>] 0x2b5348b5f526
Code: ec 38 b8 f6 ff ff ff 4c 89 64 24 18 4c 89 74 24 28 49 89 fc 48 89 5c 24 08 48 89 6c 24 10 49 89 f6 4c 89 6c 24 20 4c 89 7c 24 30 <f6> 46 38 40 0f 85 d1 00 00 00 e8 c4 c4 df e0 48 8b 58 30 49 89
RIP [<ffffffffa03789cd>] nfs_lookup_revalidate+0x2d/0x480 [nfs]
RSP <ffff8801b418bd38>
CR2: 0000000000000038
---[ end trace 845113ed191985dd ]---
This Oops affects 3.5 kernels and older, and is due to lookup_one_len()
calling down to the dentry revalidation code with a NULL pointer
to struct nameidata.
It is fixed upstream by commit 0b728e1911c (stop passing nameidata *
to ->d_revalidate())
Reported-by: Richard Ems <richard.ems@cape-horn-eng.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/dir.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1103,7 +1103,7 @@ static int nfs_lookup_revalidate(struct
struct nfs_fattr *fattr = NULL;
int error;
- if (nd->flags & LOOKUP_RCU)
+ if (nd && (nd->flags & LOOKUP_RCU))
return -ECHILD;
parent = dget_parent(dentry);
@@ -1502,7 +1502,7 @@ static int nfs_open_revalidate(struct de
struct iattr attr;
int openflags, ret = 0;
- if (nd->flags & LOOKUP_RCU)
+ if (nd && (nd->flags & LOOKUP_RCU))
return -ECHILD;
inode = dentry->d_inode;
next prev parent reply other threads:[~2012-11-15 4:18 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-15 4:11 [ 00/57] 3.4.19-stable review Greg Kroah-Hartman
2012-11-15 4:11 ` [ 01/57] xen/gntdev: dont leak memory from IOCTL_GNTDEV_MAP_GRANT_REF Greg Kroah-Hartman
2012-11-15 4:11 ` [ 02/57] xen/mmu: Use Xen specific TLB flush instead of the generic one Greg Kroah-Hartman
2012-11-15 4:11 ` [ 03/57] Input: tsc40 - remove wrong announcement of pressure support Greg Kroah-Hartman
2012-11-15 4:11 ` [ 04/57] ath9k: fix stale pointers potentially causing access to freed skbs Greg Kroah-Hartman
2012-11-15 4:11 ` [ 05/57] ath9k: Test for TID only in BlockAcks while checking tx status Greg Kroah-Hartman
2012-11-15 4:11 ` [ 06/57] rt2800: validate step value for temperature compensation Greg Kroah-Hartman
2012-11-15 4:11 ` [ 07/57] target: Dont return success from module_init() if setup fails Greg Kroah-Hartman
2012-11-15 4:11 ` [ 08/57] target: Avoid integer overflow in se_dev_align_max_sectors() Greg Kroah-Hartman
2012-11-15 4:11 ` [ 09/57] iscsi-target: Fix missed wakeup race in TX thread Greg Kroah-Hartman
2012-11-15 4:11 ` [ 10/57] target: Fix incorrect usage of nested IRQ spinlocks in ABORT_TASK path Greg Kroah-Hartman
2012-11-15 4:11 ` [ 11/57] cfg80211: fix antenna gain handling Greg Kroah-Hartman
2012-11-15 4:11 ` [ 12/57] wireless: drop invalid mesh address extension frames Greg Kroah-Hartman
2012-11-15 4:11 ` [ 13/57] mac80211: use blacklist for duplicate IE check Greg Kroah-Hartman
2012-11-15 4:11 ` [ 14/57] mac80211: Only process mesh config header on frames that RA_MATCH Greg Kroah-Hartman
2012-11-15 4:11 ` [ 15/57] mac80211: dont inspect Sequence Control field on control frames Greg Kroah-Hartman
2012-11-15 4:11 ` [ 16/57] DRM/Radeon: Fix Load Detection on legacy primary DAC Greg Kroah-Hartman
2012-11-15 4:11 ` [ 17/57] drm/udl: fix stride issues scanning out stride != width*bpp Greg Kroah-Hartman
2012-11-15 4:11 ` [ 18/57] mac80211: check management frame header length Greg Kroah-Hartman
2012-11-15 4:11 ` [ 19/57] mac80211: verify that skb data is present Greg Kroah-Hartman
2012-11-15 4:11 ` [ 20/57] mac80211: make sure data is accessible in EAPOL check Greg Kroah-Hartman
2012-11-15 4:11 ` [ 21/57] mac80211: fix SSID copy on IBSS JOIN Greg Kroah-Hartman
2012-11-15 4:11 ` [ 22/57] nfsv3: Make v3 mounts fail with ETIMEDOUTs instead EIO on mountd timeouts Greg Kroah-Hartman
2012-11-15 4:11 ` [ 23/57] nfs: Show original device name verbatim in /proc/*/mount{s,info} Greg Kroah-Hartman
2012-11-15 4:11 ` [ 24/57] NFSv4: nfs4_locku_done must release the sequence id Greg Kroah-Hartman
2012-11-15 4:11 ` [ 25/57] NFSv4.1: We must release the sequence id when we fail to get a session slot Greg Kroah-Hartman
2012-11-15 4:11 ` [ 26/57] nfsd: add get_uint for u32s Greg Kroah-Hartman
2012-11-15 4:11 ` [ 27/57] NFS: fix bug in legacy DNS resolver Greg Kroah-Hartman
2012-11-15 4:11 ` Greg Kroah-Hartman [this message]
2012-11-15 4:11 ` [ 29/57] drm: restore open_count if drm_setup fails Greg Kroah-Hartman
2012-11-15 4:11 ` [ 30/57] hwmon: (w83627ehf) Force initial bank selection Greg Kroah-Hartman
2012-11-15 4:11 ` [ 31/57] ALSA: PCM: Fix some races at disconnection Greg Kroah-Hartman
2012-11-15 4:11 ` [ 32/57] ALSA: usb-audio: Fix " Greg Kroah-Hartman
2012-11-15 4:11 ` [ 33/57] ALSA: usb-audio: Use rwsem for disconnect protection Greg Kroah-Hartman
2012-11-15 4:11 ` [ 34/57] ALSA: usb-audio: Fix races at disconnection in mixer_quirks.c Greg Kroah-Hartman
2012-11-15 4:11 ` [ 35/57] ALSA: Add a reference counter to card instance Greg Kroah-Hartman
2012-11-15 4:11 ` [ 36/57] ALSA: Avoid endless sleep after disconnect Greg Kroah-Hartman
2012-11-15 4:11 ` [ 37/57] sctp: fix call to SCTP_CMD_PROCESS_SACK in sctp_cmd_interpreter() Greg Kroah-Hartman
2012-11-15 4:11 ` [ 38/57] netlink: use kfree_rcu() in netlink_release() Greg Kroah-Hartman
2012-11-15 4:11 ` [ 39/57] tcp: fix FIONREAD/SIOCINQ Greg Kroah-Hartman
2012-11-15 4:11 ` [ 40/57] ipv6: Set default hoplimit as zero Greg Kroah-Hartman
2012-11-15 4:11 ` [ 41/57] net: usb: Fix memory leak on Tx data path Greg Kroah-Hartman
2012-11-15 4:11 ` [ 42/57] net: fix divide by zero in tcp algorithm illinois Greg Kroah-Hartman
2012-11-15 4:11 ` [ 43/57] drivers/net/ethernet/nxp/lpc_eth.c: Call mdiobus_unregister before mdiobus_free Greg Kroah-Hartman
2012-11-15 4:11 ` [ 44/57] l2tp: fix oops in l2tp_eth_create() error path Greg Kroah-Hartman
2012-11-15 4:11 ` [ 45/57] net: inet_diag -- Return error code if protocol handler is missed Greg Kroah-Hartman
2012-11-15 4:11 ` [ 46/57] af-packet: fix oops when socket is not present Greg Kroah-Hartman
2012-11-15 4:11 ` [ 47/57] ipv6: send unsolicited neighbour advertisements to all-nodes Greg Kroah-Hartman
2012-11-15 4:11 ` [ 48/57] futex: Handle futex_pi OWNER_DIED take over correctly Greg Kroah-Hartman
2012-11-15 4:11 ` [ 49/57] mmc: sdhci: fix NULL dereference in sdhci_request() tuning Greg Kroah-Hartman
2012-11-15 4:11 ` [ 50/57] drm/vmwgfx: Fix hibernation device reset Greg Kroah-Hartman
2012-11-15 4:11 ` [ 51/57] drm/vmwgfx: Fix a case where the code would BUG when trying to pin GMR memory Greg Kroah-Hartman
2012-11-15 4:12 ` [ 52/57] drm/radeon/cayman: add some missing regs to the VM reg checker Greg Kroah-Hartman
2012-11-15 4:12 ` [ 53/57] drm/radeon/si: " Greg Kroah-Hartman
2012-11-15 4:12 ` [ 54/57] drm/i915: fixup infoframe support for sdvo Greg Kroah-Hartman
2012-11-15 4:12 ` [ 55/57] drm/i915: clear the entire sdvo infoframe buffer Greg Kroah-Hartman
2012-11-15 4:12 ` [ 56/57] USB: mos7840: remove unused variable Greg Kroah-Hartman
2012-11-15 4:12 ` [ 57/57] xfs: fix reading of wrapped log data Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121115040934.949746131@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Trond.Myklebust@netapp.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=richard.ems@cape-horn-eng.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.