From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Olga Kornievskaia <kolga@netapp.com>,
Anna Schumaker <Anna.Schumaker@netapp.com>
Subject: [PATCH 4.6 081/100] Fixing oops in callback path
Date: Mon, 30 May 2016 13:50:16 -0700
Message-ID: <20160530204911.043803089@linuxfoundation.org>
In-Reply-To: <20160530204908.422037419@linuxfoundation.org>
4.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olga Kornievskaia <kolga@netapp.com>
commit c2985d001d2fb77357aeae675545893b61c50044 upstream.
Commit 80f9642724af5 ("NFSv4.x: Enforce the ca_maxreponsesize_cached
on the back channel") causes an oops when it receives a callback with
cachethis=yes.
[ 109.667378] BUG: unable to handle kernel NULL pointer dereference at 00000000000002c8
[ 109.669476] IP: [<ffffffffa08a3e68>] nfs4_callback_compound+0x4f8/0x690 [nfsv4]
[ 109.671216] PGD 0
[ 109.671736] Oops: 0000 [#1] SMP
[ 109.705427] CPU: 1 PID: 3579 Comm: nfsv4.1-svc Not tainted 4.5.0-rc1+ #1
[ 109.706987] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
[ 109.709468] task: ffff8800b4408000 ti: ffff88008448c000 task.ti: ffff88008448c000
[ 109.711207] RIP: 0010:[<ffffffffa08a3e68>] [<ffffffffa08a3e68>] nfs4_callback_compound+0x4f8/0x690 [nfsv4]
[ 109.713521] RSP: 0018:ffff88008448fca0 EFLAGS: 00010286
[ 109.714762] RAX: ffff880081ee202c RBX: ffff8800b7b5b600 RCX: 0000000000000001
[ 109.716427] RDX: 0000000000000008 RSI: 0000000000000008 RDI: 0000000000000000
[ 109.718091] RBP: ffff88008448fda8 R08: 0000000000000000 R09: 000000000b000000
[ 109.719757] R10: ffff880137786000 R11: ffff8800b7b5b600 R12: 0000000001000000
[ 109.721415] R13: 0000000000000002 R14: 0000000053270000 R15: 000000000000000b
[ 109.723061] FS: 0000000000000000(0000) GS:ffff880139640000(0000) knlGS:0000000000000000
[ 109.724931] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.726278] CR2: 00000000000002c8 CR3: 0000000034d50000 CR4: 00000000001406e0
[ 109.727972] Stack:
[ 109.728465] ffff880081ee202c ffff880081ee201c 000000008448fcc0 ffff8800baccb800
[ 109.730349] ffff8800baccc800 ffffffffa08d0380 0000000000000000 0000000000000000
[ 109.732211] ffff8800b7b5b600 0000000000000001 ffffffff81d073c0 ffff880081ee3090
[ 109.734056] Call Trace:
[ 109.734657] [<ffffffffa03795d4>] svc_process_common+0x5c4/0x6c0 [sunrpc]
[ 109.736267] [<ffffffffa0379a4c>] bc_svc_process+0x1fc/0x360 [sunrpc]
[ 109.737775] [<ffffffffa08a2c2c>] nfs41_callback_svc+0x10c/0x1d0 [nfsv4]
[ 109.739335] [<ffffffff810cb380>] ? prepare_to_wait_event+0xf0/0xf0
[ 109.740799] [<ffffffffa08a2b20>] ? nfs4_callback_svc+0x50/0x50 [nfsv4]
[ 109.742349] [<ffffffff810a6998>] kthread+0xd8/0xf0
[ 109.743495] [<ffffffff810a68c0>] ? kthread_park+0x60/0x60
[ 109.744776] [<ffffffff816abc4f>] ret_from_fork+0x3f/0x70
[ 109.746037] [<ffffffff810a68c0>] ? kthread_park+0x60/0x60
[ 109.747324] Code: cc 45 31 f6 48 8b 85 00 ff ff ff 44 89 30 48 8b 85 f8 fe ff ff 44 89 20 48 8b 9d 38 ff ff ff 48 8b bd 30 ff ff ff 48 85 db 74 4c <4c> 8b af c8 02 00 00 4d 8d a5 08 02 00 00 49 81 c5 98 02 00 00
[ 109.754361] RIP [<ffffffffa08a3e68>] nfs4_callback_compound+0x4f8/0x690 [nfsv4]
[ 109.756123] RSP <ffff88008448fca0>
[ 109.756951] CR2: 00000000000002c8
[ 109.757738] ---[ end trace 2b8555511ab5dfb4 ]---
[ 109.758819] Kernel panic - not syncing: Fatal exception
[ 109.760126] Kernel Offset: disabled
[ 118.938934] ---[ end Kernel panic - not syncing: Fatal exception
It doesn't unlock the table nor does it set the cps->clp pointer which
is later needed by nfs4_cb_free_slot().
Fixes: 80f9642724af5 ("NFSv4.x: Enforce the ca_maxresponsesize_cached ...")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/callback_proc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/nfs/callback_proc.c
+++ b/fs/nfs/callback_proc.c
@@ -500,8 +500,10 @@ __be32 nfs4_callback_sequence(struct cb_
cps->slot = slot;
/* The ca_maxresponsesize_cached is 0 with no DRC */
- if (args->csa_cachethis != 0)
- return htonl(NFS4ERR_REP_TOO_BIG_TO_CACHE);
+ if (args->csa_cachethis != 0) {
+ status = htonl(NFS4ERR_REP_TOO_BIG_TO_CACHE);
+ goto out_unlock;
+ }
/*
* Check for pending referring calls. If a match is found, a
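
Review bot: The new "goto out_unlock" in the csa_cachethis != 0 branch is only a complete fix if the out_unlock path does both things the commit message says the old return skipped: dropping the slot table lock and setting cps->clp for nfs4_cb_free_slot(). Neither the label nor the cps->clp assignment is visible in this hunk, so for the 4.6 backport it is worth confirming that out_unlock exists in this tree and that cps->clp is assigned on that path and not only on the success path. Since cps->slot = slot has already been set just above, the error exit leaves with a claimed slot, which is why the cleanup matters here. I would also extend the existing comment ("The ca_maxresponsesize_cached is 0 with no DRC") with a line saying the error must leave through out_unlock, so a later cleanup does not turn it back into a bare return.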