linux/fs/nfs
Trond Myklebust 0a377cff94 NFS: Fix an Oops in the NFSv4 atomic open code
Adam Lackorzynski reports:

with 2.6.35.2 I'm getting this reproducible Oops:

[  110.825396] BUG: unable to handle kernel NULL pointer dereference at
(null)
[  110.828638] IP: [<ffffffff811247b7>] encode_attrs+0x1a/0x2a4
[  110.828638] PGD be89f067 PUD bf18f067 PMD 0
[  110.828638] Oops: 0000 [#1] SMP
[  110.828638] last sysfs file: /sys/class/net/lo/operstate
[  110.828638] CPU 2
[  110.828638] Modules linked in: rtc_cmos rtc_core rtc_lib amd64_edac_mod
i2c_amd756 edac_core i2c_core dm_mirror dm_region_hash dm_log dm_snapshot
sg sr_mod usb_storage ohci_hcd mptspi tg3 mptscsih mptbase usbcore nls_base
[last unloaded: scsi_wait_scan]
[  110.828638]
[  110.828638] Pid: 11264, comm: setchecksum Not tainted 2.6.35.2 #1
[  110.828638] RIP: 0010:[<ffffffff811247b7>]  [<ffffffff811247b7>]
encode_attrs+0x1a/0x2a4
[  110.828638] RSP: 0000:ffff88003bf5b878  EFLAGS: 00010296
[  110.828638] RAX: ffff8800bddb48a8 RBX: ffff88003bf5bb18 RCX:
0000000000000000
[  110.828638] RDX: ffff8800be258800 RSI: 0000000000000000 RDI:
ffff88003bf5b9f8
[  110.828638] RBP: 0000000000000000 R08: ffff8800bddb48a8 R09:
0000000000000004
[  110.828638] R10: 0000000000000003 R11: ffff8800be779000 R12:
ffff8800be258800
[  110.828638] R13: ffff88003bf5b9f8 R14: ffff88003bf5bb20 R15:
ffff8800be258800
[  110.828638] FS:  0000000000000000(0000) GS:ffff880041e00000(0063)
knlGS:00000000556bd6b0
[  110.828638] CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
[  110.828638] CR2: 0000000000000000 CR3: 00000000be8ef000 CR4:
00000000000006e0
[  110.828638] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[  110.828638] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
[  110.828638] Process setchecksum (pid: 11264, threadinfo
ffff88003bf5a000, task ffff88003f232210)
[  110.828638] Stack:
[  110.828638]  0000000000000000 ffff8800bfbcf920 0000000000000000
0000000000000ffe
[  110.828638] <0> 0000000000000000 0000000000000000 0000000000000000
0000000000000000
[  110.828638] <0> 0000000000000000 0000000000000000 0000000000000000
0000000000000000
[  110.828638] Call Trace:
[  110.828638]  [<ffffffff81124c1f>] ? nfs4_xdr_enc_setattr+0x90/0xb4
[  110.828638]  [<ffffffff81371161>] ? call_transmit+0x1c3/0x24a
[  110.828638]  [<ffffffff813774d9>] ? __rpc_execute+0x78/0x22a
[  110.828638]  [<ffffffff81371a91>] ? rpc_run_task+0x21/0x2b
[  110.828638]  [<ffffffff81371b7e>] ? rpc_call_sync+0x3d/0x5d
[  110.828638]  [<ffffffff8111e284>] ? _nfs4_do_setattr+0x11b/0x147
[  110.828638]  [<ffffffff81109466>] ? nfs_init_locked+0x0/0x32
[  110.828638]  [<ffffffff810ac521>] ? ifind+0x4e/0x90
[  110.828638]  [<ffffffff8111e2fb>] ? nfs4_do_setattr+0x4b/0x6e
[  110.828638]  [<ffffffff8111e634>] ? nfs4_do_open+0x291/0x3a6
[  110.828638]  [<ffffffff8111ed81>] ? nfs4_open_revalidate+0x63/0x14a
[  110.828638]  [<ffffffff811056c4>] ? nfs_open_revalidate+0xd7/0x161
[  110.828638]  [<ffffffff810a2de4>] ? do_lookup+0x1a4/0x201
[  110.828638]  [<ffffffff810a4733>] ? link_path_walk+0x6a/0x9d5
[  110.828638]  [<ffffffff810a42b6>] ? do_last+0x17b/0x58e
[  110.828638]  [<ffffffff810a5fbe>] ? do_filp_open+0x1bd/0x56e
[  110.828638]  [<ffffffff811cd5e0>] ? _atomic_dec_and_lock+0x30/0x48
[  110.828638]  [<ffffffff810a9b1b>] ? dput+0x37/0x152
[  110.828638]  [<ffffffff810ae063>] ? alloc_fd+0x69/0x10a
[  110.828638]  [<ffffffff81099f39>] ? do_sys_open+0x56/0x100
[  110.828638]  [<ffffffff81027a22>] ? ia32_sysret+0x0/0x5
[  110.828638] Code: 83 f1 01 e8 f5 ca ff ff 48 83 c4 50 5b 5d 41 5c c3 41
57 41 56 41 55 49 89 fd 41 54 49 89 d4 55 48 89 f5 53 48 81 ec 18 01 00 00
<8b> 06 89 c2 83 e2 08 83 fa 01 19 db 83 e3 f8 83 c3 18 a8 01 8d
[  110.828638] RIP  [<ffffffff811247b7>] encode_attrs+0x1a/0x2a4
[  110.828638]  RSP <ffff88003bf5b878>
[  110.828638] CR2: 0000000000000000
[  112.840396] ---[ end trace 95282e83fd77358f ]---

We need to ensure that the O_EXCL flag is turned off if the user doesn't
set O_CREAT.

Cc: stable@kernel.org
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2010-08-18 09:25:42 -04:00
cache_lib.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
cache_lib.h NFS: Add a dns resolver for use with NFSv4 referrals and migration 2009-08-19 18:22:15 -04:00
callback_proc.c NFS: Fix the locking in nfs4_callback_getattr 2010-08-06 13:41:39 -04:00
callback_xdr.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
callback.c SUNRPC: Bury "#ifdef IPV6" in svc_create_xprt() 2010-01-26 17:56:43 -05:00
callback.h nfs41: implement cb_recall_slot 2010-02-10 08:30:59 -05:00
client.c NFSv41: Cleanup for nfs4_alloc_session. 2010-06-22 13:24:03 -04:00
delegation.c NFS: Clean up the callers of nfs_wb_all() 2010-08-03 22:06:40 -04:00
delegation.h NFSv41: Fix nfs_async_inode_return_delegation() ugliness 2010-06-22 13:24:02 -04:00
dir.c NFS: Fix an Oops in the NFSv4 atomic open code 2010-08-18 09:25:42 -04:00
direct.c NFSv4: Ensure that we track the NFSv4 lock state in read/write requests. 2010-07-30 14:41:56 -04:00
dns_resolve.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dns_resolve.h NFS: Add a dns resolver for use with NFSv4 referrals and migration 2009-08-19 18:22:15 -04:00
file.c NFS: fix the return value of nfs_file_fsync() 2010-08-11 13:10:16 -04:00
fscache-index.c NFS: Add read context retention for FS-Cache to call back with 2009-04-03 16:42:44 +01:00
fscache.c NFS: Squelch compiler warning 2010-05-14 15:09:31 -04:00
fscache.h NFS: Propagate 'fsc' mount option through automounts 2009-09-23 14:36:39 -04:00
getroot.c nfs4 use mandatory attribute file type in nfs4_get_root 2010-06-22 13:17:43 -04:00
idmap.c SUNRPC: Replace rpc_client->cl_dentry and cl_mnt, with a cl_path 2009-08-09 15:14:24 -04:00
inode.c NFS: Clean up the callers of nfs_wb_all() 2010-08-03 22:06:40 -04:00
internal.h Merge branch 'nfs-for-2.6.36' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6 2010-08-07 13:19:36 -07:00
iostat.h NFS: Squelch compiler warning in nfs_add_server_stats() 2010-05-14 15:09:31 -04:00
Kconfig NFS: Fix the selection of security flavours in Kconfig 2010-08-17 17:42:45 -04:00
Makefile NFS: Add a dns resolver for use with NFSv4 referrals and migration 2009-08-19 18:22:15 -04:00
mount_clnt.c NFS: Fix the mapping of the NFSERR_SERVERFAULT error 2010-02-09 14:29:29 -05:00
namespace.c NFS: Reduce the stack footprint of nfs_follow_mountpoint() 2010-05-14 15:09:22 -04:00
nfs2xdr.c SUNRPC: Move the bound cred to struct rpc_rqst 2010-08-04 08:54:09 -04:00
nfs3acl.c NFS: Reduce stack footprint of nfs3_proc_getacl() and nfs3_proc_setacl() 2010-05-14 15:09:28 -04:00
nfs3proc.c NFS: Reduce the stack footprint of nfs_rmdir 2010-05-14 15:09:26 -04:00
nfs3xdr.c SUNRPC: Move the bound cred to struct rpc_rqst 2010-08-04 08:54:09 -04:00
nfs4_fs.h NFSv4: Ensure the lockowners are labelled using the fl_owner and/or fl_pid 2010-07-30 14:46:10 -04:00
nfs4namespace.c NFSv4: Fix up the documentation for nfs_do_refmount 2010-05-14 15:09:29 -04:00
nfs4proc.c NFS: Fix an Oops in the NFSv4 atomic open code 2010-08-18 09:25:42 -04:00
nfs4renewd.c NFSv41: Convert the various reboot recovery ops etc to minor version ops 2010-06-22 13:24:02 -04:00
nfs4state.c NFSv4: Ensure the lockowners are labelled using the fl_owner and/or fl_pid 2010-07-30 14:46:10 -04:00
nfs4xdr.c SUNRPC: Move the bound cred to struct rpc_rqst 2010-08-04 08:54:09 -04:00
nfsroot.c nfs: include space for the NUL in root path 2010-07-30 15:33:39 -04:00
pagelist.c NFSv4: Ensure that we track the NFSv4 lock state in read/write requests. 2010-07-30 14:41:56 -04:00
proc.c NFS: Reduce the stack footprint of nfs_proc_symlink() 2010-05-14 15:09:27 -04:00
read.c NFSv4: Ensure that we track the NFSv4 lock state in read/write requests. 2010-07-30 14:41:56 -04:00
super.c nfs: Add "lookupcache" to displayed mount options 2010-08-10 17:28:01 -04:00
symlink.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
sysctl.c NFS: Avoid warnings when CONFIG_NFS_V4=n 2010-01-26 15:42:11 -05:00
unlink.c NFSv4.1: Make nfs4_setup_sequence take a nfs_server argument 2010-06-22 13:24:02 -04:00
write.c Merge branch 'nfs-for-2.6.36' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6 2010-08-07 13:19:36 -07:00