From: Bian Naimeng <biannm@cn.fujitsu.com>
To: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Adam Lackorzynski <adam@os.inf.tu-dresden.de>,
linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org,
stable@kernel.org
Subject: Re: 2.6.35.2: NFS related Oops
Date: Wed, 18 Aug 2010 10:12:17 +0800 [thread overview]
Message-ID: <4C6B4181.50100@cn.fujitsu.com> (raw)
In-Reply-To: <1282084985.18385.24.camel@heimdal.trondhjem.org>
> On Tue, 2010-08-17 at 19:14 +0200, Adam Lackorzynski wrote:
>> On Tue Aug 17, 2010 at 18:09:53 +0800, Bian Naimeng wrote:
>>> Please try to apply the followed patch.
>> Thanks, this fixes the Oops. Patch is required for both 2.6.35 and
>> 2.6.36 trees.
... snip ...
>> /* We can't create new files, or truncate existing ones here */
>> openflags &= ~(O_CREAT|O_TRUNC);
>> --
>
> Nope. The problem is the recent switch to LOOKUP_EXCL as the authority
> for whether or not we're doing an exclusive create.
>
> Does the following patch work?
>
Hi Trond, i guess it's not work.
As i see, if we want get LOOKUP_EXCL at nd->flags, we must open file with
O_CREAT and O_EXCL, "nd->flags & LOOKUP_EXCL" have the same effect with
"(openflags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL)", so i think the kernel
still crash, right?
--
Regards
Bian Naimeng
> -----------------------------------------------------------------------------------------------
> NFS: Fix an Oops in the NFSv4 atomic open code
>
> From: Trond Myklebust <Trond.Myklebust@netapp.com>
>
> Adam Lackorzynski reports:
>
> with 2.6.35.2 I'm getting this reproducible Oops:
>
> [ 110.825396] BUG: unable to handle kernel NULL pointer dereference at
> (null)
> [ 110.828638] IP: [<ffffffff811247b7>] encode_attrs+0x1a/0x2a4
> [ 110.828638] PGD be89f067 PUD bf18f067 PMD 0
> [ 110.828638] Oops: 0000 [#1] SMP
> [ 110.828638] last sysfs file: /sys/class/net/lo/operstate
> [ 110.828638] CPU 2
> [ 110.828638] Modules linked in: rtc_cmos rtc_core rtc_lib amd64_edac_mod
> i2c_amd756 edac_core i2c_core dm_mirror dm_region_hash dm_log dm_snapshot
> sg sr_mod usb_storage ohci_hcd mptspi tg3 mptscsih mptbase usbcore nls_base
> [last unloaded: scsi_wait_scan]
> [ 110.828638]
> [ 110.828638] Pid: 11264, comm: setchecksum Not tainted 2.6.35.2 #1
> [ 110.828638] RIP: 0010:[<ffffffff811247b7>] [<ffffffff811247b7>]
> encode_attrs+0x1a/0x2a4
> [ 110.828638] RSP: 0000:ffff88003bf5b878 EFLAGS: 00010296
> [ 110.828638] RAX: ffff8800bddb48a8 RBX: ffff88003bf5bb18 RCX:
> 0000000000000000
> [ 110.828638] RDX: ffff8800be258800 RSI: 0000000000000000 RDI:
> ffff88003bf5b9f8
> [ 110.828638] RBP: 0000000000000000 R08: ffff8800bddb48a8 R09:
> 0000000000000004
> [ 110.828638] R10: 0000000000000003 R11: ffff8800be779000 R12:
> ffff8800be258800
> [ 110.828638] R13: ffff88003bf5b9f8 R14: ffff88003bf5bb20 R15:
> ffff8800be258800
> [ 110.828638] FS: 0000000000000000(0000) GS:ffff880041e00000(0063)
> knlGS:00000000556bd6b0
> [ 110.828638] CS: 0010 DS: 002b ES: 002b CR0: 000000008005003b
> [ 110.828638] CR2: 0000000000000000 CR3: 00000000be8ef000 CR4:
> 00000000000006e0
> [ 110.828638] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [ 110.828638] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
> 0000000000000400
> [ 110.828638] Process setchecksum (pid: 11264, threadinfo
> ffff88003bf5a000, task ffff88003f232210)
> [ 110.828638] Stack:
> [ 110.828638] 0000000000000000 ffff8800bfbcf920 0000000000000000
> 0000000000000ffe
> [ 110.828638] <0> 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> [ 110.828638] <0> 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> [ 110.828638] Call Trace:
> [ 110.828638] [<ffffffff81124c1f>] ? nfs4_xdr_enc_setattr+0x90/0xb4
> [ 110.828638] [<ffffffff81371161>] ? call_transmit+0x1c3/0x24a
> [ 110.828638] [<ffffffff813774d9>] ? __rpc_execute+0x78/0x22a
> [ 110.828638] [<ffffffff81371a91>] ? rpc_run_task+0x21/0x2b
> [ 110.828638] [<ffffffff81371b7e>] ? rpc_call_sync+0x3d/0x5d
> [ 110.828638] [<ffffffff8111e284>] ? _nfs4_do_setattr+0x11b/0x147
> [ 110.828638] [<ffffffff81109466>] ? nfs_init_locked+0x0/0x32
> [ 110.828638] [<ffffffff810ac521>] ? ifind+0x4e/0x90
> [ 110.828638] [<ffffffff8111e2fb>] ? nfs4_do_setattr+0x4b/0x6e
> [ 110.828638] [<ffffffff8111e634>] ? nfs4_do_open+0x291/0x3a6
> [ 110.828638] [<ffffffff8111ed81>] ? nfs4_open_revalidate+0x63/0x14a
> [ 110.828638] [<ffffffff811056c4>] ? nfs_open_revalidate+0xd7/0x161
> [ 110.828638] [<ffffffff810a2de4>] ? do_lookup+0x1a4/0x201
> [ 110.828638] [<ffffffff810a4733>] ? link_path_walk+0x6a/0x9d5
> [ 110.828638] [<ffffffff810a42b6>] ? do_last+0x17b/0x58e
> [ 110.828638] [<ffffffff810a5fbe>] ? do_filp_open+0x1bd/0x56e
> [ 110.828638] [<ffffffff811cd5e0>] ? _atomic_dec_and_lock+0x30/0x48
> [ 110.828638] [<ffffffff810a9b1b>] ? dput+0x37/0x152
> [ 110.828638] [<ffffffff810ae063>] ? alloc_fd+0x69/0x10a
> [ 110.828638] [<ffffffff81099f39>] ? do_sys_open+0x56/0x100
> [ 110.828638] [<ffffffff81027a22>] ? ia32_sysret+0x0/0x5
> [ 110.828638] Code: 83 f1 01 e8 f5 ca ff ff 48 83 c4 50 5b 5d 41 5c c3 41
> 57 41 56 41 55 49 89 fd 41 54 49 89 d4 55 48 89 f5 53 48 81 ec 18 01 00 00
> <8b> 06 89 c2 83 e2 08 83 fa 01 19 db 83 e3 f8 83 c3 18 a8 01 8d
> [ 110.828638] RIP [<ffffffff811247b7>] encode_attrs+0x1a/0x2a4
> [ 110.828638] RSP <ffff88003bf5b878>
> [ 110.828638] CR2: 0000000000000000
> [ 112.840396] ---[ end trace 95282e83fd77358f ]---
>
> It looks as if Al Viro's commit 3516586a424ea5727be089da6541cbd5644f0497
> (make O_EXCL in nd->intent.flags visible in nd->flags) missed a case.
>
> Cc: stable@kernel.org
> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
> ---
>
> fs/nfs/dir.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
>
> diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
> index bd91b27..275efac 100644
> --- a/fs/nfs/dir.c
> +++ b/fs/nfs/dir.c
> @@ -1107,7 +1107,7 @@ static int nfs_open_revalidate(struct dentry *dentry, struct nameidata *nd)
> goto no_open_dput;
> openflags = nd->intent.open.flags;
> /* We cannot do exclusive creation on a positive dentry */
> - if ((openflags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL))
> + if (nd->flags & LOOKUP_EXCL)
> goto no_open_dput;
> /* We can't create new files, or truncate existing ones here */
> openflags &= ~(O_CREAT|O_TRUNC);
>
next prev parent reply other threads:[~2010-08-18 2:13 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-16 21:50 2.6.35.2: NFS related Oops Adam Lackorzynski
2010-08-17 10:09 ` Bian Naimeng
2010-08-17 17:14 ` Adam Lackorzynski
2010-08-17 22:43 ` Trond Myklebust
2010-08-18 2:12 ` Bian Naimeng [this message]
2010-08-18 2:49 ` Bian Naimeng
2010-08-18 11:36 ` Adam Lackorzynski
2010-08-18 13:36 ` Trond Myklebust
2010-08-18 15:44 ` Adam Lackorzynski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C6B4181.50100@cn.fujitsu.com \
--to=biannm@cn.fujitsu.com \
--cc=Trond.Myklebust@netapp.com \
--cc=adam@os.inf.tu-dresden.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.