From: Fu Liankun <fuliankun@cn.fujitsu.com>
To: linux-nfs@vger.kernel.org
Subject: [PATCH] pnfsd:use NULL pointer cause kernel oops in function __nfs4_lock_state
Date: Fri, 02 Dec 2011 11:11:43 +0800
Message-ID: <4ED841EF.2010509@cn.fujitsu.com>
When I use pNFS to create a big file, the DS oopses. Using the NULL
pointer "client_mutex_owner" in function __nfs4_lock_state caused
the kernel oops.
Below is the log:
kernel: [ 950.164182] state lock taken by pid=1354 func=nfsd4_write
kernel: [ 950.731544] BUG: unable to handle kernel NULL pointer dereference at
00000204
kernel: [ 950.731606] IP: [<fa2fe533>] __nfs4_lock_state+0x2a/0x61 [nfsd]
kernel: [ 950.731682] *pde = 00000000
kernel: [ 950.731694] Oops: 0000 [#1] SMP
kernel: [ 950.731711] Modules linked in: nfsd lockd exportfs nfs_acl
auth_rpcgss sunrpc p4_clockmod freq_table speedstep_lib ipv6 uinput snd_intel8x0
snd_ac97_codec ac97_bus snd_seq snd_seq_device snd_pcm ppdev snd_timer sis900
parport_pc parport snd r8169 mii soundcore snd_page_alloc microcode serio_raw
pcspkr sata_sis ata_generic pata_acpi pata_sis [last unloaded: mperf]
kernel: [ 950.731840]
kernel: [ 950.731847] Pid: 1359, comm: nfsd Not tainted 3.1.0-rc8-pnfs+ #1 Acer
Aspire SA80/E661GXM
kernel: [ 950.731877] EIP: 0060:[<fa2fe533>] EFLAGS: 00010246 CPU: 0
kernel: [ 950.731907] EIP is at __nfs4_lock_state+0x2a/0x61 [nfsd]
kernel: [ 950.731922] EAX: 00000000 EBX: fa30c1f0 ECX: 00000000 EDX: fa313468
kernel: [ 950.731939] ESI: f46f7820 EDI: fa2f4e1c EBP: f4753e74 ESP: f4753e64
kernel: [ 950.731956] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
kernel: [ 950.731971] Process nfsd (pid: 1359, ti=f4752000 task=f5677110
task.ti=f4752000)
kernel: [ 950.731990] Stack:
kernel: [ 950.732014] f6b414e0 f47a7ac0 fa30c1f0 f46f7220 f4753ecc fa2f4e5b
00000002 f46f782c
kernel: [ 950.732014] f601d000 f46f7800 f46f7050 fa2f5fde f4753ecc fa2fcf7c
f9a0a2dc fffffffe
kernel: [ 950.732014] f601d000 f40900ac f46f7834 f4753ecc fa2f5396 00000000
f407b054 f46f7800
kernel: [ 950.732014] Call Trace:
kernel: [ 950.732014] [<fa2f4e5b>] nfsd4_write+0x3f/0x1ba [nfsd]
kernel: [ 950.732014] [<fa2f5fde>] ? encode_seqid_op_tail+0x48/0x48 [nfsd]
kernel: [ 950.732014] [<fa2fcf7c>] ? nfsd4_encode_operation+0x57/0x132 [nfsd]
kernel: [ 950.732014] [<fa2f5396>] ? nfsd4_putfh+0x3d/0x44 [nfsd]
kernel: [ 950.732014] [<fa2f4e1c>] ? nfsd4_get_verifier+0x33/0x33 [nfsd]
kernel: [ 950.732014] [<fa2f4303>] nfsd4_proc_compound+0x212/0x3bf [nfsd]
kernel: [ 950.732014] [<c105727a>] ? groups_alloc+0x35/0x9f
kernel: [ 950.732014] [<fa2e8750>] nfsd_dispatch+0xd5/0x1ab [nfsd]
kernel: [ 950.732014] [<f99f7595>] svc_process_common+0x289/0x487 [sunrpc]
kernel: [ 950.732014] [<f9a01dcf>] ? svc_xprt_received+0x2f/0x32 [sunrpc]
kernel: [ 950.732014] [<f9a02886>] ? svc_recv+0x63c/0x689 [sunrpc]
kernel: [ 950.732014] [<f99f7964>] svc_process+0xe2/0x100 [sunrpc]
kernel: [ 950.732014] [<fa2e8108>] nfsd+0xdf/0x119 [nfsd]
kernel: [ 950.732014] [<c102911c>] ? complete+0x47/0x4e
kernel: [ 950.732014] [<fa2e8029>] ? nfsd_shutdown+0x29/0x29 [nfsd]
kernel: [ 950.732014] [<c1050cd5>] kthread+0x67/0x6c
kernel: [ 950.732014] [<c1050c6e>] ? kthread_worker_fn+0x11d/0x11d
kernel: [ 950.732014] [<c13ee03e>] kernel_thread_helper+0x6/0x10
kernel: [ 950.732014] Code: c3 55 89 e5 53 83 ec 0c 3e 8d 74 26 00 89 c3 b8 68
34 31 fa e8 4c 91 0e c7 85 c0 75 2e a1 50 af 31 fa 89 44 24 08 a1 88 54 31 fa
<8b> 80 04 02 00 00 c7 04 24 c4 ee 30 fa 89 44 24 04 e8 e7 82 0e
kernel: [ 950.732014] EIP: [<fa2fe533>] __nfs4_lock_state+0x2a/0x61 [nfsd]
SS:ESP 0068:f4753e64
kernel: [ 950.732014] CR2: 0000000000000204
kernel: [ 950.735220] ---[ end trace b1bae82b987c9a28 ]---
The kernel running as shown below will cause the oops.

void
nfs4_unlock_state(void)
{
	client_mutex_owner = NULL;	/* ===> after this statement, the CPU schedules */
	mutex_unlock(&client_mutex);
}

void
__nfs4_lock_state(const char *func)
{
	if (!mutex_trylock(&client_mutex)) {	/* =========> will fail here */
		/* "client_mutex_owner" is NULL, then the kernel oopses when executing "printk" */
		printk("state lock taken by pid=%d func=%s\n",
			task_pid_nr(client_mutex_owner),
			client_mutex_func);
		mutex_lock(&client_mutex);
	}
	client_mutex_owner = current;
	client_mutex_func = func;
}
Signed-off-by: Fu Liankun <fuliankun@cn.fujitsu.com>
---
fs/nfsd/nfs4state.c | 7 +------
1 files changed, 1 insertions(+), 6 deletions(-)
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 5181598..71f00b7 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -88,12 +88,7 @@ static struct kmem_cache *deleg_slab = NULL;
void
__nfs4_lock_state(const char *func)
{
- if (!mutex_trylock(&client_mutex)) {
- printk("state lock taken by pid=%d func=%s\n",
- task_pid_nr(client_mutex_owner),
- client_mutex_func);
- mutex_lock(&client_mutex);
- }
+ mutex_lock(&client_mutex);
client_mutex_owner = current;
client_mutex_func = func;
}
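Review bot: the defect described above is an unsynchronized read, not the trylock itself: the printk in the removed lines reads client_mutex_owner while another thread's nfs4_unlock_state has already set it to NULL but not yet called mutex_unlock(), and task_pid_nr() then dereferences NULL. Replacing the whole block with a bare mutex_lock() does close the oops, but it also deletes the "state lock taken by pid=%d func=%s" contention diagnostic. If that message is still wanted, the read can be made safe instead: take a local snapshot of client_mutex_owner and skip the pid when it is NULL, or have the holder record task_pid_nr(current) as a plain integer under the lock and print that value rather than dereferencing a task pointer it does not own. The subject line would also read more clearly as something like "pnfsd: fix NULL pointer dereference in __nfs4_lock_state".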
-- 1.7.3.1
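A userspace model of the safe variant sketched above, added here as an example and not code from the mail or from the nfsd tree: the holder publishes plain values (a pid integer and a static function name) rather than a task pointer, and the contender takes a one-shot snapshot and tolerates the "identity already cleared" window that produced the oops. The lock flag, the function names ending in _safe and the message buffer are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the state-lock debug wrapper; not kernel code. */
static bool client_mutex;               /* test-and-set lock flag */
static int client_mutex_pid;            /* 0 = free, or holder is releasing */
static const char *client_mutex_func;   /* string literal or NULL */
char state_msg[96];                     /* scratch buffer for the message */

/* Builds the contention message from a lock-free snapshot. Returns 1 when
 * the holder is known, 2 when it already cleared its identity (the window
 * in which the original printk dereferenced NULL). */
int format_contention(int owner_pid, const char *owner_func, char *buf, size_t len)
{
    if (owner_pid == 0) {
        snprintf(buf, len, "state lock contended, holder is releasing");
        return 2;
    }
    snprintf(buf, len, "state lock taken by pid=%d func=%s",
             owner_pid, owner_func ? owner_func : "?");
    return 1;
}

/* Takes the state lock; on contention reports the holder from values only,
 * never through a pointer. Returns format_contention's code, or 0 if free. */
int nfs4_lock_state_safe(int my_pid, const char *func, char *buf, size_t len)
{
    int rc = 0;
    if (__atomic_test_and_set(&client_mutex, __ATOMIC_ACQUIRE)) {
        int pid = __atomic_load_n(&client_mutex_pid, __ATOMIC_ACQUIRE);
        const char *f = __atomic_load_n(&client_mutex_func, __ATOMIC_ACQUIRE);
        rc = format_contention(pid, f, buf, len);
        while (__atomic_test_and_set(&client_mutex, __ATOMIC_ACQUIRE))
            ;                           /* spin until the holder releases */
    }
    __atomic_store_n(&client_mutex_func, func, __ATOMIC_RELAXED);
    __atomic_store_n(&client_mutex_pid, my_pid, __ATOMIC_RELEASE);
    return rc;
}

/* Same order as the posted nfs4_unlock_state: identity cleared, then unlock. */
void nfs4_unlock_state_safe(void)
{
    __atomic_store_n(&client_mutex_pid, 0, __ATOMIC_RELEASE);
    __atomic_store_n(&client_mutex_func, (const char *)NULL, __ATOMIC_RELAXED);
    __atomic_clear(&client_mutex, __ATOMIC_RELEASE);
}

int nfs4_state_holder_pid(void)
{
    return __atomic_load_n(&client_mutex_pid, __ATOMIC_ACQUIRE);
}
```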