From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>,
Weston Andros Adamson <dros@netapp.com>,
Trond Myklebust <Trond.Myklebust@netapp.com>
Subject: [ 029/100] NFSv4.1: Hold reference to layout hdr in layoutget
Date: Tue, 12 Mar 2013 15:31:14 -0700 [thread overview]
Message-ID: <20130312223126.165828459@linuxfoundation.org> (raw)
In-Reply-To: <20130312223122.884099393@linuxfoundation.org>
3.8-stable review patch. If anyone has any objections, please let me know.
------------------
From: Weston Andros Adamson <dros@netapp.com>
commit a47970ff7814718fec31b7d966747c6aa1a3545f upstream.
This fixes an oops where a LAYOUTGET is in still in the rpciod queue,
but the requesting processes has been killed. Without this, killing
the process does the final pnfs_put_layout_hdr() and sets NFS_I(inode)->layout
to NULL while the LAYOUTGET rpc task still references it.
Example oops:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
IP: [<ffffffffa01bd586>] pnfs_choose_layoutget_stateid+0x37/0xef [nfsv4]
PGD 7365b067 PUD 7365d067 PMD 0
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
Modules linked in: nfs_layout_nfsv41_files nfsv4 auth_rpcgss nfs lockd sunrpc ipt_MASQUERADE ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle ip6table_filter ip6_tables ppdev e1000 i2c_piix4 i2c_core shpchp parport_pc parport crc32c_intel aesni_intel xts aes_x86_64 lrw gf128mul ablk_helper cryptd mptspi scsi_transport_spi mptscsih mptbase floppy autofs4
CPU 0
Pid: 27, comm: kworker/0:1 Not tainted 3.8.0-dros_cthon2013+ #4 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
RIP: 0010:[<ffffffffa01bd586>] [<ffffffffa01bd586>] pnfs_choose_layoutget_stateid+0x37/0xef [nfsv4]
RSP: 0018:ffff88007b0c1c88 EFLAGS: 00010246
RAX: ffff88006ed36678 RBX: 0000000000000000 RCX: 0000000ea877e3bc
RDX: ffff88007a729da8 RSI: 0000000000000000 RDI: ffff88007a72b958
RBP: ffff88007b0c1ca8 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88007a72b958
R13: ffff88007a729da8 R14: 0000000000000000 R15: ffffffffa011077e
FS: 0000000000000000(0000) GS:ffff88007f600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000080 CR3: 00000000735f8000 CR4: 00000000001407f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process kworker/0:1 (pid: 27, threadinfo ffff88007b0c0000, task ffff88007c2fa0c0)
Stack:
ffff88006fc05388 ffff88007a72b908 ffff88007b240900 ffff88006fc05388
ffff88007b0c1cd8 ffffffffa01a2170 ffff88007b240900 ffff88007b240900
ffff88007b240970 ffffffffa011077e ffff88007b0c1ce8 ffffffffa0110791
Call Trace:
[<ffffffffa01a2170>] nfs4_layoutget_prepare+0x7b/0x92 [nfsv4]
[<ffffffffa011077e>] ? __rpc_atrun+0x15/0x15 [sunrpc]
[<ffffffffa0110791>] rpc_prepare_task+0x13/0x15 [sunrpc]
Reported-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs4proc.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6087,11 +6087,13 @@ static struct page **nfs4_alloc_pages(si
static void nfs4_layoutget_release(void *calldata)
{
struct nfs4_layoutget *lgp = calldata;
- struct nfs_server *server = NFS_SERVER(lgp->args.inode);
+ struct inode *inode = lgp->args.inode;
+ struct nfs_server *server = NFS_SERVER(inode);
size_t max_pages = max_response_pages(server);
dprintk("--> %s\n", __func__);
nfs4_free_pages(lgp->args.layout.pages, max_pages);
+ pnfs_put_layout_hdr(NFS_I(inode)->layout);
put_nfs_open_context(lgp->args.ctx);
kfree(calldata);
dprintk("<-- %s\n", __func__);
@@ -6106,7 +6108,8 @@ static const struct rpc_call_ops nfs4_la
struct pnfs_layout_segment *
nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags)
{
- struct nfs_server *server = NFS_SERVER(lgp->args.inode);
+ struct inode *inode = lgp->args.inode;
+ struct nfs_server *server = NFS_SERVER(inode);
size_t max_pages = max_response_pages(server);
struct rpc_task *task;
struct rpc_message msg = {
@@ -6136,6 +6139,10 @@ nfs4_proc_layoutget(struct nfs4_layoutge
lgp->res.layoutp = &lgp->args.layout;
lgp->res.seq_res.sr_slot = NULL;
nfs41_init_sequence(&lgp->args.seq_args, &lgp->res.seq_res, 0);
+
+ /* nfs4_layoutget_release calls pnfs_put_layout_hdr */
+ pnfs_get_layout_hdr(NFS_I(inode)->layout);
+
task = rpc_run_task(&task_setup_data);
if (IS_ERR(task))
return ERR_CAST(task);
next prev parent reply other threads:[~2013-03-12 23:17 UTC|newest]
Thread overview: 120+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-12 22:30 [ 000/100] 3.8.3-stable review Greg Kroah-Hartman
2013-03-12 22:30 ` [ 001/100] ARM: VFP: fix emulation of second VFP instruction Greg Kroah-Hartman
2013-03-12 22:30 ` [ 002/100] ARM: fix scheduling while atomic warning in alignment handling code Greg Kroah-Hartman
2013-03-12 22:30 ` [ 003/100] ARM: 7653/2: do not scale loops_per_jiffy when using a constant delay clock Greg Kroah-Hartman
2013-03-12 22:30 ` [ 004/100] ARM: 7654/1: Preserve L_PTE_VALID in pte_modify() Greg Kroah-Hartman
2013-03-12 22:30 ` [ 005/100] USB: EHCI: revert "remove ASS/PSS polling timeout" Greg Kroah-Hartman
2013-03-12 22:30 ` [ 006/100] xenbus: fix compile failure on ARM with Xen enabled Greg Kroah-Hartman
2013-03-12 22:30 ` [ 007/100] xen/pat: Disable PAT using pat_enabled value Greg Kroah-Hartman
2013-03-12 22:30 ` [ 008/100] xen/pci: We dont do multiple MSIs Greg Kroah-Hartman
2013-03-12 22:30 ` [ 009/100] watchdog: da9055_wdt needs to select WATCHDOG_CORE Greg Kroah-Hartman
2013-03-12 22:30 ` [ 010/100] watchdog: sp5100_tco: Fix wrong indirect I/O access for getting value of reserved bits Greg Kroah-Hartman
2013-03-12 22:30 ` [ 011/100] watchdog: sp5100_tco: Write back the original value to reserved bits, instead of zero Greg Kroah-Hartman
2013-03-12 22:30 ` [ 012/100] sony-laptop: fully enable SNY controlled modems Greg Kroah-Hartman
2013-03-12 22:30 ` [ 013/100] SCSI: dc395x: uninitialized variable in device_alloc() Greg Kroah-Hartman
2013-03-12 22:30 ` [ 014/100] SCSI: storvsc: Initialize the sglist Greg Kroah-Hartman
2013-03-12 22:31 ` [ 015/100] target/pscsi: Fix page increment Greg Kroah-Hartman
2013-03-12 22:31 ` [ 016/100] iscsi-target: Fix immediate queue starvation regression with DATAIN Greg Kroah-Hartman
2013-03-12 22:31 ` [ 017/100] ext4: convert number of blocks to clusters properly Greg Kroah-Hartman
2013-03-12 22:31 ` [ 018/100] btrfs: Init io_lock after cloning btrfs device struct Greg Kroah-Hartman
2013-03-12 22:31 ` [ 019/100] Btrfs: copy everything if weve created an inline extent Greg Kroah-Hartman
2013-03-12 22:31 ` [ 020/100] Btrfs: delete inline extents when we find them during logging Greg Kroah-Hartman
2013-03-12 22:31 ` [ 021/100] cifs: ensure that cifs_get_root() only traverses directories Greg Kroah-Hartman
2013-03-12 22:31 ` [ 022/100] dm: fix truncated status strings Greg Kroah-Hartman
2013-03-12 22:31 ` [ 023/100] dm: do not replace bioset for request based dm Greg Kroah-Hartman
2013-03-12 22:31 ` [ 024/100] dm: fix limits initialization when there are no data devices Greg Kroah-Hartman
2013-03-12 22:31 ` [ 025/100] dm snapshot: add missing module aliases Greg Kroah-Hartman
2013-03-12 22:31 ` [ 026/100] NFS: Dont allow NFS silly-renamed files to be deleted, no signal Greg Kroah-Hartman
2013-03-12 22:31 ` [ 027/100] SUNRPC: Dont start the retransmission timer when out of socket space Greg Kroah-Hartman
2013-03-12 22:31 ` [ 028/100] pnfs: fix resend_to_mds for directio Greg Kroah-Hartman
2013-03-12 22:31 ` Greg Kroah-Hartman [this message]
2013-03-14 1:22 ` [ 029/100] NFSv4.1: Hold reference to layout hdr in layoutget Ben Hutchings
2013-03-12 22:31 ` [ 030/100] hw_random: make buffer usable in scatterlist Greg Kroah-Hartman
2013-03-12 22:31 ` [ 031/100] iwlwifi: always copy first 16 bytes of commands Greg Kroah-Hartman
2013-03-14 1:50 ` Ben Hutchings
2013-03-14 2:05 ` Ben Hutchings
2013-03-14 6:31 ` Berg, Johannes
2013-03-14 6:31 ` Berg, Johannes
2013-03-14 14:23 ` Ben Hutchings
2013-03-12 22:31 ` [ 032/100] mwifiex: correct sleep delay counter Greg Kroah-Hartman
2013-03-12 22:31 ` [ 033/100] libertas: fix crash for SD8688 Greg Kroah-Hartman
2013-03-12 22:31 ` [ 034/100] ath9k: fix RSSI dummy marker value Greg Kroah-Hartman
2013-03-12 22:31 ` [ 035/100] ath9k_htc: fix signal strength handling issues Greg Kroah-Hartman
2013-03-12 22:31 ` [ 036/100] ath9k_hw: improve reset reliability after errors Greg Kroah-Hartman
2013-03-12 22:31 ` [ 037/100] proc connector: reject unprivileged listener bumps Greg Kroah-Hartman
2013-03-12 22:31 ` [ 038/100] nohz: Make tick_nohz_irq_exit() irq safe Greg Kroah-Hartman
2013-03-12 22:31 ` [ 039/100] md: protect against crash upon fsync on ro array Greg Kroah-Hartman
2013-03-12 22:31 ` [ 040/100] md: fix two bugs when attempting to resize RAID0 array Greg Kroah-Hartman
2013-03-12 22:31 ` [ 041/100] md: raid0: fix error return from create_stripe_zones Greg Kroah-Hartman
2013-03-12 22:31 ` [ 042/100] md/raid1,raid10: fix deadlock with freeze_array() Greg Kroah-Hartman
2013-03-12 22:31 ` [ 043/100] hwmon: (sht15) Check return value of regulator_enable() Greg Kroah-Hartman
2013-03-12 22:31 ` [ 044/100] hwmon: (pmbus/ltc2978) Fix peak attribute handling Greg Kroah-Hartman
2013-03-12 22:31 ` [ 045/100] hwmon: (pmbus/ltc2978) Use detected chip ID to select supported functionality Greg Kroah-Hartman
2013-03-12 22:31 ` [ 046/100] drm/radeon: dont set hpd, afmt interrupts when interrupts are disabled Greg Kroah-Hartman
2013-03-12 22:31 ` [ 047/100] drm/radeon: add primary dac adj quirk for R200 board Greg Kroah-Hartman
2013-03-12 22:31 ` [ 048/100] ARM: 7657/1: head: fix swapper and idmap population with LPAE and big-endian Greg Kroah-Hartman
2013-03-12 22:31 ` [ 049/100] ARM: 7658/1: mm: fix race updating mm->context.id on ASID rollover Greg Kroah-Hartman
2013-03-12 22:31 ` [ 050/100] ARM: 7659/1: mm: make mm->context.id an atomic64_t variable Greg Kroah-Hartman
2013-03-12 22:31 ` [ 051/100] ARM: 7663/1: perf: fix ARMv7 EVTYPE_MASK to include NSH bit Greg Kroah-Hartman
2013-03-12 22:31 ` [ 052/100] drm/i915: Increase the RC6p threshold Greg Kroah-Hartman
2013-03-18 1:11 ` Ben Hutchings
2013-03-18 19:38 ` Greg Kroah-Hartman
2013-03-18 19:38 ` Greg Kroah-Hartman
[not found] ` <CADMs+9bmi2fNMV=9OaL-JvBJxu1=HWMYAVMm81v7rKDPnDyewA@mail.gmail.com>
2013-03-18 19:50 ` Greg Kroah-Hartman
2013-03-18 19:50 ` Greg Kroah-Hartman
2013-03-12 22:31 ` [ 053/100] drm/i915: Fix Haswell/CRW PCI IDs Greg Kroah-Hartman
2013-03-12 22:31 ` [ 054/100] drm/i915: reorder setup sequence to have irqs for output setup Greg Kroah-Hartman
2013-03-12 22:31 ` [ 055/100] drm/i915: enable irqs earlier when resuming Greg Kroah-Hartman
2013-03-12 22:31 ` [ 056/100] drm/i915: Turn off hsync and vsync on ADPA when disabling crt Greg Kroah-Hartman
2013-03-12 22:31 ` [ 057/100] ipc: fix potential oops when src msg > 4k w/ MSG_COPY Greg Kroah-Hartman
2013-03-12 22:31 ` [ 058/100] ipc: dont allocate a copy larger than max Greg Kroah-Hartman
2013-03-12 22:31 ` [ 059/100] dmi_scan: fix missing check for _DMI_ signature in smbios_present() Greg Kroah-Hartman
2013-03-12 22:31 ` [ 060/100] ALSA: ice1712: Initialize card->private_data properly Greg Kroah-Hartman
2013-03-12 22:31 ` [ 061/100] ALSA: vmaster: Fix slave change notification Greg Kroah-Hartman
2013-03-12 22:31 ` [ 062/100] vfs: dont BUG_ON() if following a /proc fd pseudo-symlink results in a symlink Greg Kroah-Hartman
2013-03-12 22:31 ` [ 063/100] proc: Use nd_jump_link in proc_ns_follow_link Greg Kroah-Hartman
2013-03-12 22:31 ` [ 064/100] tile: work around bug in the generic sys_llseek Greg Kroah-Hartman
2013-03-12 22:31 ` [ 065/100] random: fix locking dependency with the tasklist_lock Greg Kroah-Hartman
2013-03-12 22:31 ` [ 066/100] mm/mempolicy.c: fix wrong sp_node insertion Greg Kroah-Hartman
2013-03-12 22:31 ` [ 067/100] CIFS: Fix missing of oplock_read value in smb30_values structure Greg Kroah-Hartman
2013-03-12 22:31 ` [ 068/100] mac80211: Fix crash due to un-canceled work-items Greg Kroah-Hartman
2013-03-12 22:31 ` [ 069/100] e1000e: fix pci-device enable-counter balance Greg Kroah-Hartman
2013-03-13 7:52 ` Konstantin Khlebnikov
2013-03-13 8:28 ` Konstantin Khlebnikov
2013-03-12 22:31 ` [ 070/100] tg3: Update link_up flag for phylib devices Greg Kroah-Hartman
2013-03-12 22:31 ` [ 071/100] efivars: efivarfs_valid_name() should handle pstore syntax Greg Kroah-Hartman
2013-03-12 22:31 ` [ 072/100] efivarfs: return accurate error code in efivarfs_fill_super() Greg Kroah-Hartman
2013-03-12 22:31 ` [ 073/100] userns: Stop oopsing in key_change_session_keyring Greg Kroah-Hartman
2013-03-12 22:31 ` [ 074/100] x86: pvclock kvm: align allocation size to page size Greg Kroah-Hartman
2013-03-12 22:32 ` [ 075/100] HID: logitech-dj: do not directly call hid_output_raw_report() during probe Greg Kroah-Hartman
2013-03-12 22:32 ` [ 076/100] Btrfs: account for orphan inodes properly during cleanup Greg Kroah-Hartman
2013-03-12 22:32 ` [ 077/100] Btrfs: cleanup orphan reservation if truncate fails Greg Kroah-Hartman
2013-03-12 22:32 ` [ 078/100] x86/kvm: Fix pvclock vsyscall fixmap Greg Kroah-Hartman
2013-03-12 22:32 ` [ 079/100] mfd: rtsx: Optimize card detect flow Greg Kroah-Hartman
2013-03-12 22:32 ` [ 080/100] mfd: rtsx: Fix issue that booting OS with SD card inserted Greg Kroah-Hartman
2013-03-12 22:32 ` [ 081/100] crypto: user - fix info leaks in report API Greg Kroah-Hartman
2013-03-12 22:32 ` Greg Kroah-Hartman
2013-03-12 22:32 ` [ 082/100] acer-wmi: avoid the warning of devices may be used uninitialized Greg Kroah-Hartman
2013-03-12 22:32 ` [ 083/100] usbnet: smsc95xx: fix suspend failure Greg Kroah-Hartman
2013-03-12 22:32 ` [ 084/100] keys: fix race with concurrent install_user_keyrings() Greg Kroah-Hartman
2013-03-12 22:32 ` [ 085/100] Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys Greg Kroah-Hartman
2013-03-12 22:32 ` [ 086/100] vfs: fix pipe counter breakage Greg Kroah-Hartman
2013-03-12 22:32 ` [ 087/100] rtc: rtc-mv: Add support for clk to avoid lockups Greg Kroah-Hartman
2013-03-12 22:32 ` [ 088/100] gpio: mvebu: Add clk support to prevent lockup Greg Kroah-Hartman
2013-03-12 22:32 ` [ 089/100] ARM: mxs_defconfig: Make USB host functional again Greg Kroah-Hartman
2013-03-12 22:32 ` [ 090/100] ARM: kirkwood: of_serial: fix clock gating by removing clock-frequency Greg Kroah-Hartman
2013-03-12 22:32 ` [ 091/100] powerpc: Apply early paca fixups to boot_paca and the boot cpus paca Greg Kroah-Hartman
2013-03-12 22:32 ` [ 092/100] ftrace: Update the kconfig for DYNAMIC_FTRACE Greg Kroah-Hartman
2013-03-12 22:32 ` [ 093/100] efivars: Disable external interrupt while holding efivars->lock Greg Kroah-Hartman
2013-03-12 22:32 ` [ 094/100] efi: be more paranoid about available space when creating variables Greg Kroah-Hartman
2013-03-12 22:32 ` [ 095/100] USB: Dont use EHCI port sempahore for USB 3.0 hubs Greg Kroah-Hartman
2013-03-12 22:32 ` [ 096/100] USB: Prepare for refactoring by adding extra udev checks Greg Kroah-Hartman
2013-03-12 22:32 ` [ 097/100] USB: Rip out recursive call on warm port reset Greg Kroah-Hartman
2013-03-12 22:32 ` [ 098/100] USB: Fix connected device switch to Inactive state Greg Kroah-Hartman
2013-03-12 22:32 ` [ 099/100] Revert "xen/blkback: Dont trust the handle from the frontend." Greg Kroah-Hartman
2013-03-12 22:32 ` [ 100/100] w1-gpio: fix section mismatch Greg Kroah-Hartman
2013-03-13 3:56 ` [ 000/100] 3.8.3-stable review Shuah Khan
2013-03-13 4:28 ` Greg Kroah-Hartman
2013-03-13 8:02 ` Andre Heider
2013-03-13 8:33 ` David Miller
2013-03-13 9:13 ` Andre Heider
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130312223126.165828459@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Trond.Myklebust@netapp.com \
--cc=dros@netapp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tigran.mkrtchyan@desy.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.