linux/fs/nfs
Kinglong Mee 18e3b739fd NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client
--- Steps to Reproduce ---
<nfs-server>
# cat /etc/exports
/nfs/referal  *(rw,insecure,no_subtree_check,no_root_squash,crossmnt)
/nfs/old      *(ro,insecure,subtree_check,root_squash,crossmnt)

<nfs-client>
# mount -t nfs nfs-server:/nfs/ /mnt/
# ll /mnt/*/

<nfs-server>
# cat /etc/exports
/nfs/referal   *(rw,insecure,no_subtree_check,no_root_squash,crossmnt,refer=/nfs/old/@nfs-server)
/nfs/old       *(ro,insecure,subtree_check,root_squash,crossmnt)
# service nfs restart

<nfs-client>
# ll /mnt/*/    --->>>>> oops here

[ 5123.102925] BUG: unable to handle kernel NULL pointer dereference at           (null)
[ 5123.103363] IP: [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
[ 5123.103752] PGD 587b9067 PUD 3cbf5067 PMD 0
[ 5123.104131] Oops: 0000 [#1]
[ 5123.104529] Modules linked in: nfsv4(OE) nfs(OE) fscache(E) nfsd(OE) xfs libcrc32c iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ppdev vmw_balloon parport_pc parport i2c_piix4 shpchp auth_rpcgss nfs_acl vmw_vmci lockd grace sunrpc vmwgfx drm_kms_helper ttm drm mptspi serio_raw scsi_transport_spi e1000 mptscsih mptbase ata_generic pata_acpi [last unloaded: nfsd]
[ 5123.105887] CPU: 0 PID: 15853 Comm: ::1-manager Tainted: G           OE   4.2.0-rc6+ #214
[ 5123.106358] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
[ 5123.106860] task: ffff88007620f300 ti: ffff88005877c000 task.ti: ffff88005877c000
[ 5123.107363] RIP: 0010:[<ffffffffa03ed38b>]  [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
[ 5123.107909] RSP: 0018:ffff88005877fdb8  EFLAGS: 00010246
[ 5123.108435] RAX: ffff880053f3bc00 RBX: ffff88006ce6c908 RCX: ffff880053a0d240
[ 5123.108968] RDX: ffffea0000e6d940 RSI: ffff8800399a0000 RDI: ffff88006ce6c908
[ 5123.109503] RBP: ffff88005877fe28 R08: ffffffff81c708a0 R09: 0000000000000000
[ 5123.110045] R10: 00000000000001a2 R11: ffff88003ba7f5c8 R12: ffff880054c55800
[ 5123.110618] R13: 0000000000000000 R14: ffff880053a0d240 R15: ffff880053a0d240
[ 5123.111169] FS:  0000000000000000(0000) GS:ffffffff81c27000(0000) knlGS:0000000000000000
[ 5123.111726] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5123.112286] CR2: 0000000000000000 CR3: 0000000054cac000 CR4: 00000000001406f0
[ 5123.112888] Stack:
[ 5123.113458]  ffffea0000e6d940 ffff8800399a0000 00000000000167d0 0000000000000000
[ 5123.114049]  0000000000000000 0000000000000000 0000000000000000 00000000a7ec82c6
[ 5123.114662]  ffff88005877fe18 ffffea0000e6d940 ffff8800399a0000 ffff880054c55800
[ 5123.115264] Call Trace:
[ 5123.115868]  [<ffffffffa03fb44b>] nfs4_try_migration+0xbb/0x220 [nfsv4]
[ 5123.116487]  [<ffffffffa03fcb3b>] nfs4_run_state_manager+0x4ab/0x7b0 [nfsv4]
[ 5123.117104]  [<ffffffffa03fc690>] ? nfs4_do_reclaim+0x510/0x510 [nfsv4]
[ 5123.117813]  [<ffffffff810a4527>] kthread+0xd7/0xf0
[ 5123.118456]  [<ffffffff810a4450>] ? kthread_worker_fn+0x160/0x160
[ 5123.119108]  [<ffffffff816d9cdf>] ret_from_fork+0x3f/0x70
[ 5123.119723]  [<ffffffff810a4450>] ? kthread_worker_fn+0x160/0x160
[ 5123.120329] Code: 4c 8b 6a 58 74 17 eb 52 48 8d 55 a8 89 c6 4c 89 e7 e8 4a b5 ff ff 8b 45 b0 85 c0 74 1c 4c 89 f9 48 8b 55 90 48 8b 75 98 48 89 df <41> ff 55 00 3d e8 d8 ff ff 41 89 c6 74 cf 48 8b 4d c8 65 48 33
[ 5123.121643] RIP  [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
[ 5123.122308]  RSP <ffff88005877fdb8>
[ 5123.122942] CR2: 0000000000000000

Fixes: ec011fe847 ("NFS: Introduce a vector of migration recovery ops")
Cc: stable@vger.kernel.org # v3.13+
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2015-08-17 13:22:27 -05:00
blocklayout
filelayout writeback: separate out include/linux/backing-dev-defs.h 2015-06-02 08:33:34 -06:00
flexfilelayout NFSv4.2/pnfs: Use GFP_NOIO for layoutstat reporting in the writeback path 2015-08-12 14:27:23 -04:00
objlayout
cache_lib.c
cache_lib.h
callback_proc.c NFS: Ensure that we update the sequence id under the slot table lock 2015-06-11 21:15:52 -04:00
callback_xdr.c NFS: Convert use of __constant_htonl to htonl 2015-06-10 18:57:59 -04:00
callback.c NFS: Remove duplicate svc_xprt_put from nfs41_callback_up 2015-08-12 14:42:23 -04:00
callback.h
client.c NFS: Remove the "NFS_CAP_CHANGE_ATTR" capability 2015-07-22 17:15:54 -04:00
delegation.c Merge branch 'bugfixes' 2015-04-23 15:16:27 -04:00
delegation.h
dir.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-07-04 19:36:06 -07:00
direct.c NFS client updates for Linux 4.1 2015-04-26 17:33:59 -07:00
dns_resolve.c
dns_resolve.h
file.c sunrpc: keep a count of swapfiles associated with the rpc_clnt 2015-06-10 18:26:14 -04:00
fscache-index.c
fscache.c
fscache.h
getroot.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
inode.c NFS: Remove the "NFS_CAP_CHANGE_ATTR" capability 2015-07-22 17:15:54 -04:00
internal.h NFSv4.1/pnfs: Fix atomicity of commit list updates 2015-08-10 19:08:13 -04:00
iostat.h
Kconfig kernel: conditionally support non-root users, groups and capabilities 2015-04-15 16:35:22 -07:00
Makefile NFS: Rename idmap.c to nfs4idmap.c 2015-04-23 15:16:14 -04:00
mount_clnt.c
namespace.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
netns.h
nfs2super.c
nfs2xdr.c
nfs3_fs.h
nfs3acl.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs3client.c
nfs3proc.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs3super.c
nfs3xdr.c NFS: Fix size of NFSACL SETACL operations 2015-06-02 08:55:28 -04:00
nfs4_fs.h NFSv.2/pnfs Add a LAYOUTSTATS rpc function 2015-06-24 10:17:37 -04:00
nfs4client.c nfs: Drop bad comment in nfs41_walk_client_list() 2015-07-01 11:30:59 -04:00
nfs4file.c nfs: verify open flags before allowing open 2015-06-25 19:38:00 -04:00
nfs4getroot.c nfs: Remove invalid NFS_ATTR_FATTR_V4_REFERRAL checking in nfs4_get_rootfh 2015-07-01 11:31:22 -04:00
nfs4idmap.c NFS: drop unneeded goto 2015-06-02 08:55:28 -04:00
nfs4idmap.h NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4namespace.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs4proc.c NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client 2015-08-17 13:22:27 -05:00
nfs4renewd.c
nfs4session.c
nfs4session.h
nfs4state.c NFSv4.1: Handle SEQ4_STATUS_BACKCHANNEL_FAULT correctly 2015-07-05 15:50:18 -04:00
nfs4super.c NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4sysctl.c NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4trace.c
nfs4trace.h VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs4xdr.c NFSv.2/pnfs Add a LAYOUTSTATS rpc function 2015-06-24 10:17:37 -04:00
nfs42.h NFSv.2/pnfs Add a LAYOUTSTATS rpc function 2015-06-24 10:17:37 -04:00
nfs42proc.c NFSv4.2: handle NFS-specific llseek errors 2015-07-27 11:16:25 -04:00
nfs42xdr.c NFSv4.2: Fix up a decoding error in layoutstats 2015-06-27 11:30:57 -04:00
nfs.h
nfsroot.c
nfstrace.c
nfstrace.h
pagelist.c NFS: Don't clear desc->pg_moreio in nfs_do_recoalesce() 2015-07-27 10:33:12 -04:00
pnfs_dev.c
pnfs_nfs.c NFSv4.1/pnfs: Fix atomicity of commit list updates 2015-08-10 19:08:13 -04:00
pnfs.c NFSv4.2/pnfs: Use GFP_NOIO for layoutstat reporting in the writeback path 2015-08-12 14:27:23 -04:00
pnfs.h NFSv4.2/pnfs: Use GFP_NOIO for layoutstat reporting in the writeback path 2015-08-12 14:27:23 -04:00
proc.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
read.c NFS client updates for Linux 4.1 2015-04-26 17:33:59 -07:00
super.c NFS: Error out when register_shrinker fail in register_nfs_fs 2015-08-12 14:42:23 -04:00
symlink.c don't pass nameidata to ->follow_link() 2015-05-10 22:20:15 -04:00
sysctl.c
unlink.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
write.c NFSv4.1/pnfs: Fix atomicity of commit list updates 2015-08-10 19:08:13 -04:00