From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>,
Anna Schumaker <Anna.Schumaker@Netapp.com>
Subject: [PATCH 4.10 17/29] nfs: flexfiles: fix kernel OOPS if MDS returns unsupported DS type
Date: Sun, 16 Apr 2017 10:04:34 +0200 [thread overview]
Message-ID: <20170416080228.643530452@linuxfoundation.org> (raw)
In-Reply-To: <20170416080227.593797230@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
commit f17f8a14e82cdf34cd6473e3644f3c672b3884f6 upstream.
this fix aims to fix dereferencing of a mirror in an error state when MDS
returns unsupported DS type (IOW, not v3), which causes the following oops:
[ 220.370709] BUG: unable to handle kernel NULL pointer dereference at 0000000000000065
[ 220.370842] IP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles]
[ 220.370920] PGD 0
[ 220.370972] Oops: 0000 [#1] SMP
[ 220.371013] Modules linked in: nfnetlink_queue nfnetlink_log bluetooth nfs_layout_flexfiles rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_security ebtable_filter ebtables ip6table_filter ip6_tables binfmt_misc intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel btrfs kvm arc4 snd_hda_codec_hdmi iwldvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate mac80211 xor uvcvideo
[ 220.371814] videobuf2_vmalloc videobuf2_memops snd_hda_codec_idt mei_wdt videobuf2_v4l2 snd_hda_codec_generic iTCO_wdt ppdev videobuf2_core iTCO_vendor_support dell_rbtn dell_wmi iwlwifi sparse_keymap dell_laptop dell_smbios snd_hda_intel dcdbas videodev snd_hda_codec dell_smm_hwmon snd_hda_core media cfg80211 intel_uncore snd_hwdep raid6_pq snd_seq intel_rapl_perf snd_seq_device joydev i2c_i801 rfkill lpc_ich snd_pcm parport_pc mei_me parport snd_timer dell_smo8800 mei snd shpchp soundcore tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915 nouveau mxm_wmi ttm i2c_algo_bit drm_kms_helper crc32c_intel e1000e drm sdhci_pci firewire_ohci sdhci serio_raw mmc_core firewire_core ptp crc_itu_t pps_core wmi fjes video
[ 220.372568] CPU: 7 PID: 4988 Comm: cat Not tainted 4.10.5-200.fc25.x86_64 #1
[ 220.372647] Hardware name: Dell Inc. Latitude E6520/0J4TFW, BIOS A06 07/11/2011
[ 220.372729] task: ffff94791f6ea580 task.stack: ffffb72b88c0c000
[ 220.372802] RIP: 0010:ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles]
[ 220.372883] RSP: 0018:ffffb72b88c0f970 EFLAGS: 00010246
[ 220.372945] RAX: 0000000000000000 RBX: ffff9479015ca600 RCX: ffffffffffffffed
[ 220.373025] RDX: ffffffffffffffed RSI: ffff9479753dc980 RDI: 0000000000000000
[ 220.373104] RBP: ffffb72b88c0f988 R08: 000000000001c980 R09: ffffffffc0ea6112
[ 220.373184] R10: ffffef17477d9640 R11: ffff9479753dd6c0 R12: ffff9479211c7440
[ 220.373264] R13: ffff9478f45b7790 R14: 0000000000000001 R15: ffff9479015ca600
[ 220.373345] FS: 00007f555fa3e700(0000) GS:ffff9479753c0000(0000) knlGS:0000000000000000
[ 220.373435] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 220.373506] CR2: 0000000000000065 CR3: 0000000196044000 CR4: 00000000000406e0
[ 220.373586] Call Trace:
[ 220.373627] nfs4_ff_layout_prepare_ds+0x5e/0x200 [nfs_layout_flexfiles]
[ 220.373708] ff_layout_pg_init_read+0x81/0x160 [nfs_layout_flexfiles]
[ 220.373806] __nfs_pageio_add_request+0x11f/0x4a0 [nfs]
[ 220.373886] ? nfs_create_request.part.14+0x37/0x330 [nfs]
[ 220.373967] nfs_pageio_add_request+0xb2/0x260 [nfs]
[ 220.374042] readpage_async_filler+0xaf/0x280 [nfs]
[ 220.374103] read_cache_pages+0xef/0x1b0
[ 220.374166] ? nfs_read_completion+0x210/0x210 [nfs]
[ 220.374239] nfs_readpages+0x129/0x200 [nfs]
[ 220.374293] __do_page_cache_readahead+0x1d0/0x2f0
[ 220.374352] ondemand_readahead+0x17d/0x2a0
[ 220.374403] page_cache_sync_readahead+0x2e/0x50
[ 220.374460] generic_file_read_iter+0x6c8/0x950
[ 220.374532] ? nfs_mapping_need_revalidate_inode+0x17/0x40 [nfs]
[ 220.374617] nfs_file_read+0x6e/0xc0 [nfs]
[ 220.374670] __vfs_read+0xe2/0x150
[ 220.374715] vfs_read+0x96/0x130
[ 220.374758] SyS_read+0x55/0xc0
[ 220.374801] entry_SYSCALL_64_fastpath+0x1a/0xa9
[ 220.374856] RIP: 0033:0x7f555f570bd0
[ 220.374900] RSP: 002b:00007ffeb73e1b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 220.374986] RAX: ffffffffffffffda RBX: 00007f555f839ae0 RCX: 00007f555f570bd0
[ 220.375066] RDX: 0000000000020000 RSI: 00007f555fa41000 RDI: 0000000000000003
[ 220.375145] RBP: 0000000000021010 R08: ffffffffffffffff R09: 0000000000000000
[ 220.375226] R10: 00007f555fa40010 R11: 0000000000000246 R12: 0000000000022000
[ 220.375305] R13: 0000000000021010 R14: 0000000000001000 R15: 0000000000002710
[ 220.375386] Code: 66 66 90 55 48 89 e5 41 54 53 49 89 fc 48 83 ec 08 48 85 f6 74 2e 48 8b 4e 30 48 89 f3 48 81 f9 00 f0 ff ff 77 1e 48 85 c9 74 15 <48> 83 79 78 00 b8 01 00 00 00 74 2c 48 83 c4 08 5b 41 5c 5d c3
[ 220.375653] RIP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles] RSP: ffffb72b88c0f970
[ 220.375748] CR2: 0000000000000065
[ 220.403538] ---[ end trace bcdca752211b7da9 ]---
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/flexfilelayout/flexfilelayoutdev.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/nfs/flexfilelayout/flexfilelayoutdev.c
+++ b/fs/nfs/flexfilelayout/flexfilelayoutdev.c
@@ -208,6 +208,10 @@ static bool ff_layout_mirror_valid(struc
} else
goto outerr;
}
+
+ if (IS_ERR(mirror->mirror_ds))
+ goto outerr;
+
if (mirror->mirror_ds->ds == NULL) {
struct nfs4_deviceid_node *devid;
devid = &mirror->mirror_ds->id_node;
next prev parent reply other threads:[~2017-04-16 8:06 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-16 8:04 [PATCH 4.10 00/29] 4.10.11-stable review Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 01/29] drm/i915: Fix forcewake active domain tracking Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 03/29] drm/i915/fbdev: Stop repeating tile configuration on stagnation Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 04/29] drm/i915: Squelch any ktime/jiffie rounding errors for wait-ioctl Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 06/29] drm/i915: Store a permanent error in obj->mm.pages Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 11/29] drm/i915: Drop support for I915_EXEC_CONSTANTS_* execbuf parameters Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 12/29] drm/i915: Stop using RP_DOWN_EI on Baytrail Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 13/29] drm/i915: Avoid rcu_barrier() from reclaim paths (shrinker) Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 15/29] orangefs: Dan Carpenter influenced cleanups Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 16/29] orangefs: fix buffer size mis-match between kernel space and user space Greg Kroah-Hartman
2017-04-16 8:04 ` Greg Kroah-Hartman [this message]
2017-04-16 8:04 ` [PATCH 4.10 18/29] rt2x00usb: fix anchor initialization Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 19/29] rt2x00usb: do not anchor rx and tx urbs Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 20/29] MIPS: Introduce irq_stack Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 21/29] MIPS: Stack unwinding while on IRQ stack Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 22/29] MIPS: Only change $28 to thread_info if coming from user mode Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 23/29] MIPS: Switch to the irq_stack in interrupts Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 24/29] MIPS: Select HAVE_IRQ_EXIT_ON_IRQ_STACK Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 25/29] MIPS: IRQ Stack: Fix erroneous jal to plat_irq_dispatch Greg Kroah-Hartman
2017-04-16 8:04 ` [PATCH 4.10 28/29] net/packet: fix overflow in check for priv area size Greg Kroah-Hartman
2017-04-16 21:29 ` [PATCH 4.10 00/29] 4.10.11-stable review Guenter Roeck
2017-04-17 18:25 ` Shuah Khan
2017-04-18 4:58 ` Greg Kroah-Hartman
[not found] ` <58f373af.01841c0a.9440c.0ce2@mx.google.com>
2017-04-17 18:51 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170416080228.643530452@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Anna.Schumaker@Netapp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tigran.mkrtchyan@desy.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).