From: Chris Wright <chrisw@sous-sol.org>
To: linux-kernel@vger.kernel.org, stable@kernel.org, torvalds@osdl.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
akpm@osdl.org, alan@lxorguk.ukuu.org.uk, jkosina@suse.cz,
raven@themaw.net
Subject: [patch 28/32] autofs: fix error code path in autofs_fill_sb()
Date: Fri, 08 Dec 2006 15:58:19 -0800 [thread overview]
Message-ID: <20061209000246.210981000@sous-sol.org> (raw)
In-Reply-To: 20061208235751.890503000@sous-sol.org
[-- Attachment #1: autofs-fix-error-code-path-in-autofs_fill_sb.patch --]
[-- Type: text/plain, Size: 4225 bytes --]
-stable review patch. If anyone has any objections, please let us know.
------------------
From: Jiri Kosina <jkosina@suse.cz>
When kernel is compiled with old version of autofs (CONFIG_AUTOFS_FS), and
new (observed at least with 5.x.x) automount deamon is started, kernel
correctly reports incompatible version of kernel and userland daemon, but
then screws things up instead of correct handling of the error:
autofs: kernel does not match daemon version
=====================================
[ BUG: bad unlock balance detected! ]
-------------------------------------
automount/4199 is trying to release lock (&type->s_umount_key) at:
[<c0163b9e>] get_sb_nodev+0x76/0xa4
but there are no more locks to release!
other info that might help us debug this:
no locks held by automount/4199.
stack backtrace:
[<c0103b15>] dump_trace+0x68/0x1b2
[<c0103c77>] show_trace_log_lvl+0x18/0x2c
[<c01041db>] show_trace+0xf/0x11
[<c010424d>] dump_stack+0x12/0x14
[<c012e02c>] print_unlock_inbalance_bug+0xe7/0xf3
[<c012fd4f>] lock_release+0x8d/0x164
[<c012b452>] up_write+0x14/0x27
[<c0163b9e>] get_sb_nodev+0x76/0xa4
[<c0163689>] vfs_kern_mount+0x83/0xf6
[<c016373e>] do_kern_mount+0x2d/0x3e
[<c017513f>] do_mount+0x607/0x67a
[<c0175224>] sys_mount+0x72/0xa4
[<c0102b96>] sysenter_past_esp+0x5f/0x99
DWARF2 unwinder stuck at sysenter_past_esp+0x5f/0x99
Leftover inexact backtrace:
=======================
and then deadlock comes.
The problem: autofs_fill_super() returns EINVAL to get_sb_nodev(), but
before that, it calls kill_anon_super() to destroy the superblock which
won't be needed. This is however way too soon to call kill_anon_super(),
because get_sb_nodev() has to perform its own cleanup of the superblock
first (deactivate_super(), etc.). The correct time to call
kill_anon_super() is in the autofs_kill_sb() callback, which is called by
deactivate_super() at proper time, when the superblock is ready to be
killed.
I can see the same faulty codepath also in autofs4. This patch solves
issues in both filesystems in a same way - it postpones the
kill_anon_super() until the proper time is signalized by deactivate_super()
calling the kill_sb() callback.
[raven@themaw.net: update comment]
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Acked-by: Ian Kent <raven@themaw.net>
Cc: <stable@kernel.org>
Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
---
fs/autofs/inode.c | 7 ++++---
fs/autofs4/inode.c | 7 ++++---
2 files changed, 8 insertions(+), 6 deletions(-)
--- linux-2.6.19.orig/fs/autofs/inode.c
+++ linux-2.6.19/fs/autofs/inode.c
@@ -28,10 +28,11 @@ void autofs_kill_sb(struct super_block *
/*
* In the event of a failure in get_sb_nodev the superblock
* info is not present so nothing else has been setup, so
- * just exit when we are called from deactivate_super.
+ * just call kill_anon_super when we are called from
+ * deactivate_super.
*/
if (!sbi)
- return;
+ goto out_kill_sb;
if ( !sbi->catatonic )
autofs_catatonic_mode(sbi); /* Free wait queues, close pipe */
@@ -44,6 +45,7 @@ void autofs_kill_sb(struct super_block *
kfree(sb->s_fs_info);
+out_kill_sb:
DPRINTK(("autofs: shutting down\n"));
kill_anon_super(sb);
}
@@ -209,7 +211,6 @@ fail_iput:
fail_free:
kfree(sbi);
s->s_fs_info = NULL;
- kill_anon_super(s);
fail_unlock:
return -EINVAL;
}
--- linux-2.6.19.orig/fs/autofs4/inode.c
+++ linux-2.6.19/fs/autofs4/inode.c
@@ -152,10 +152,11 @@ void autofs4_kill_sb(struct super_block
/*
* In the event of a failure in get_sb_nodev the superblock
* info is not present so nothing else has been setup, so
- * just exit when we are called from deactivate_super.
+ * just call kill_anon_super when we are called from
+ * deactivate_super.
*/
if (!sbi)
- return;
+ goto out_kill_sb;
sb->s_fs_info = NULL;
@@ -167,6 +168,7 @@ void autofs4_kill_sb(struct super_block
kfree(sbi);
+out_kill_sb:
DPRINTK("shutting down");
kill_anon_super(sb);
}
@@ -426,7 +428,6 @@ fail_ino:
fail_free:
kfree(sbi);
s->s_fs_info = NULL;
- kill_anon_super(s);
fail_unlock:
return -EINVAL;
}
--
next prev parent reply other threads:[~2006-12-09 0:08 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-08 23:57 [patch 00/32] -stable review Chris Wright
2006-12-08 23:57 ` [patch 01/32] IPV6 NDISC: Calculate packet length correctly for allocation Chris Wright
2006-12-08 23:57 ` [patch 02/32] softmac: remove netif_tx_disable when scanning Chris Wright
2006-12-08 23:57 ` [patch 03/32] EBTABLES: Fix wraparounds in ebt_entries verification Chris Wright
2006-12-08 23:57 ` [patch 04/32] EBTABLES: Verify that ebt_entries have zero ->distinguisher Chris Wright
2006-12-08 23:57 ` [patch 05/32] EBTABLES: Deal with the worst-case behaviour in loop checks Chris Wright
2006-12-08 23:57 ` [patch 06/32] EBTABLES: Prevent wraparounds in checks for entry components sizes Chris Wright
2006-12-08 23:57 ` [patch 07/32] NET_SCHED: policer: restore compatibility with old iproute binaries Chris Wright
2006-12-08 23:57 ` [patch 08/32] cryptoloop: Select CRYPTO_CBC Chris Wright
2006-12-09 6:32 ` Rene Herman
2006-12-09 22:50 ` Herbert Xu
2006-12-08 23:58 ` [patch 09/32] Revert "ACPI: SCI interrupt source override" Chris Wright
2006-12-08 23:58 ` [patch 10/32] PKT_SCHED act_gact: division by zero Chris Wright
2006-12-08 23:58 ` [patch 11/32] SUNHME: Fix for sunhme failures on x86 Chris Wright
2006-12-08 23:58 ` [patch 12/32] NETFILTER: Fix {ip, ip6, arp}_tables hook validation Chris Wright
2006-12-08 23:58 ` [patch 13/32] NETFILTER: Fix iptables compat " Chris Wright
2006-12-08 23:58 ` [patch 14/32] NETFILTER: bridge netfilter: deal with martians correctly Chris Wright
2006-12-08 23:58 ` [patch 15/32] softmac: fix unbalanced mutex_lock/unlock in ieee80211softmac_wx_set_mlme Chris Wright
2006-12-08 23:58 ` [patch 16/32] IB/ucm: Fix deadlock in cleanup Chris Wright
2006-12-08 23:58 ` [patch 17/32] do_coredump() and not stopping rewrite attacks? (CVE-2006-6304) Chris Wright
2006-12-08 23:58 ` [patch 18/32] TOKENRING: Remote memory corruptor in ibmtr.c Chris Wright
2006-12-08 23:58 ` [patch 19/32] XFRM: Use output device disable_xfrm for forwarded packets Chris Wright
2006-12-08 23:58 ` [patch 20/32] USB: Fix oops in PhidgetServo Chris Wright
2006-12-08 23:58 ` [patch 21/32] IPSEC: Fix inetpeer leak in ipv4 xfrm dst entries Chris Wright
2006-12-08 23:58 ` [patch 22/32] IrDA: Incorrect TTP header reservation Chris Wright
2006-12-08 23:58 ` [patch 23/32] NETLINK: Restore API compatibility of address and neighbour bits Chris Wright
2006-12-08 23:58 ` [patch 24/32] add bottom_half.h Chris Wright
2006-12-09 13:50 ` Thomas Backlund
2006-12-08 23:58 ` [patch 25/32] drm-sis linkage fix Chris Wright
2006-12-08 23:58 ` [patch 26/32] compat: skip data conversion in compat_sys_mount when data_page is NULL Chris Wright
2006-12-08 23:58 ` [patch 27/32] PM: Fix swsusp debug mode testproc Chris Wright
2006-12-08 23:58 ` Chris Wright [this message]
2006-12-09 3:48 ` [patch 28/32] autofs: fix error code path in autofs_fill_sb() Ian Kent
2006-12-09 18:58 ` Chris Wright
2006-12-08 23:58 ` [patch 29/32] softirq: remove BUG_ONs which can incorrectly trigger Chris Wright
2006-12-08 23:58 ` [patch 30/32] m32r: make userspace headers platform-independent Chris Wright
2006-12-08 23:58 ` [patch 31/32] x86_64: fix boot hang due to nmi watchdog init code Chris Wright
2006-12-11 18:33 ` [stable] " Chris Wright
2006-12-08 23:58 ` [patch 32/32] forcedeth: Disable INTx when enabling MSI in forcedeth Chris Wright
2006-12-09 0:38 ` [stable] [patch 00/32] -stable review Chris Wright
2006-12-09 1:36 ` [patch 33/32] NETLINK: Put {IFA,IFLA}_{RTA,PAYLOAD} macros back for userspace Chris Wright
2006-12-09 11:26 ` [patch 00/32] -stable review Stefan Lippers-Hollmann
2006-12-09 21:42 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061209000246.210981000@sous-sol.org \
--to=chrisw@sous-sol.org \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=jkosina@suse.cz \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=raven@themaw.net \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@osdl.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox