public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed
From: Wang Chen <wangchen@cn.fujitsu.com>
To: bfields@fieldses.org, neilb@suse.de, Trond.Myklebust@netapp.com
Cc: linux-nfs@vger.kernel.org, FNST-Bian Naimeng <biannm@cn.fujitsu.com>
Subject: [PATCH V2] nfs lockd: detect grace_list corruption
Date: Fri, 24 Apr 2009 15:35:05 +0800	[thread overview]
Message-ID: <49F16BA9.20002@cn.fujitsu.com> (raw)
In-Reply-To: <49F12D78.2040304@cn.fujitsu.com>

V1->V2:
	- remove useless variable which was dirty code
	- use INIT_LIST_HEAD(&lm->list) to initialize lm->list

>From 6dd710c220ea72af41d7679b42e4e6eddff051b5 Mon Sep 17 00:00:00 2001
From: Wang Chen <wangchen@cn.fujitsu.com>
Date: Fri, 24 Apr 2009 15:09:55 +0800
Subject: [PATCH] nfs lockd: detect grace_list corruption

Although I can't reproduce it now, it really happened that some lock manager
started grace period but didn't end it.
This causes an lm entry be left in grace_list, and when service nfs restart,
the same lm will be added again into the list.
As you know, adding an entry, which is in the list, to a list will leads to
list corruption.

The following is the dmesg information:
------------[ cut here ]------------
WARNING: at lib/list_debug.c:26 __list_add+0x27/0x5c()
Hardware name: Presario M2000 (PT365PA#AB2)
list_add corruption. next->prev should be prev (ef8fe958), but was ef8ff128. (next=ef8ff128).
Modules linked in: fuse i915 drm i2c_algo_bit nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc ipv6 p4_clockmod dm_multipath uinput snd_intel8x0m snd_intel8x0 snd_seq_dummy snd_ac97_codec ac97_bus snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore 8139cp firewire_ohci firewire_core snd_page_alloc tifm_7xx1 i2c_i801 iTCO_wdt 8139too tifm_core i2c_core yenta_socket crc_itu_t iTCO_vendor_support pcspkr mii rsrc_nonstatic wmi video output ata_generic pata_acpi [last unloaded: microcode]
Pid: 23062, comm: lockd Tainted: G        W  2.6.30-rc2 #3
Call Trace:
[<c042d5b5>] warn_slowpath+0x71/0xa0
[<c0422a96>] ? update_curr+0x11d/0x125
[<c044b12d>] ? trace_hardirqs_on_caller+0x18/0x150
[<c044b270>] ? trace_hardirqs_on+0xb/0xd
[<c051c61a>] ? _raw_spin_lock+0x53/0xfa
[<c051c89f>] __list_add+0x27/0x5c
[<ef8f6daa>] locks_start_grace+0x22/0x30 [lockd]
[<ef8f34da>] set_grace_period+0x39/0x53 [lockd]
[<c06b8921>] ? lock_kernel+0x1c/0x28
[<ef8f3558>] lockd+0x64/0x164 [lockd]
[<c044b12d>] ? trace_hardirqs_on_caller+0x18/0x150
[<c04227b0>] ? complete+0x34/0x3e
[<ef8f34f4>] ? lockd+0x0/0x164 [lockd]
[<ef8f34f4>] ? lockd+0x0/0x164 [lockd]
[<c043dd42>] kthread+0x45/0x6b
[<c043dcfd>] ? kthread+0x0/0x6b
[<c0403c23>] kernel_thread_helper+0x7/0x10
---[ end trace fa484bd6d19ade89 ]---
NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
NFSD: starting 90-second grace period
------------------------

To prevent list corruption, don't add entry which is already in the list
and do WARN.

Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com>
Reviewed-by: Bian Naimeng <biannm@cn.fujitsu.com>
---
 fs/lockd/grace.c    |    7 +++++++
 fs/lockd/svc.c      |    2 ++
 fs/nfsd/nfs4state.c |    1 +
 3 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/fs/lockd/grace.c b/fs/lockd/grace.c
index 183cc1f..da52c35 100644
--- a/fs/lockd/grace.c
+++ b/fs/lockd/grace.c
@@ -22,7 +22,14 @@ static DEFINE_SPINLOCK(grace_lock);
 void locks_start_grace(struct lock_manager *lm)
 {
 	spin_lock(&grace_lock);
+	if (!list_empty(&lm->list)) {
+		WARN(1, "lock manager(%p) exists. locks_start_grace() "
+			"and locks_end_grace() were not called pairly."
+			"\n", lm);
+		goto unlock;
+	}
 	list_add(&lm->list, &grace_list);
+unlock:
 	spin_unlock(&grace_lock);
 }
 EXPORT_SYMBOL_GPL(locks_start_grace);
diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
index abf8388..76a1f61 100644
--- a/fs/lockd/svc.c
+++ b/fs/lockd/svc.c
@@ -113,6 +113,8 @@ lockd(void *vrqstp)
 	int		err = 0, preverr = 0;
 	struct svc_rqst *rqstp = vrqstp;
 
+	INIT_LIST_HEAD(&lockd_manager.list);
+
 	/* try_to_freeze() is called from svc_recv() */
 	set_freezable();
 
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index c65a27b..86b9afd 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4079,6 +4079,7 @@ nfs4_state_start(void)
 {
 	if (nfs4_init)
 		return;
+	INIT_LIST_HEAD(&nfsd4_manager.list);
 	nfsd4_load_reboot_recovery_data();
 	__nfs4_state_start();
 	nfs4_init = 1;
-- 
1.6.0.6



  parent reply	other threads:[~2009-04-24  7:35 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-04-24  3:09 [PATCH] nfs lockd: detect grace_list corruption Wang Chen
2009-04-24  5:15 ` Bian Naimeng
2009-04-24  7:35 ` Wang Chen [this message]
2009-04-24 23:12 ` J. Bruce Fields
2009-05-06  9:17   ` Wang Chen
2009-05-06 20:32     ` J. Bruce Fields
2009-05-07  6:51       ` Wang Chen
2009-05-08 18:26         ` J. Bruce Fields
2009-05-11  6:13           ` Wang Chen
2009-05-11 20:57             ` J. Bruce Fields
2009-05-12  0:43               ` Wang Chen
2009-05-12 19:13                 ` J. Bruce Fields
2009-05-13  2:24                   ` Wang Chen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=49F16BA9.20002@cn.fujitsu.com \
    --to=wangchen@cn.fujitsu.com \
    --cc=Trond.Myklebust@netapp.com \
    --cc=bfields@fieldses.org \
    --cc=biannm@cn.fujitsu.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=neilb@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox