diff mbox

nfsd4: set right access bmap when initializing lock stateid

Message ID 20110410162056.GB26233@fieldses.org (mailing list archive)
State New, archived
Headers show

Commit Message

J. Bruce Fields April 10, 2011, 4:20 p.m. UTC 
On Tue, Mar 29, 2011 at 11:41:39AM +0800, Mi Jinlong wrote:
> 
> 
> J. Bruce Fields:
> > On Mon, Mar 28, 2011 at 03:15:09PM +0800, Mi Jinlong wrote:
> >>  
> >> Content-Type: text/plain; charset=ISO-2022-JP
> >> Content-Transfer-Encoding: 7bit
> > 
> > Thanks, Mi Jinlong, the analysis is helpful, but I don't think your fix
> > is right.
> > 
> > I think the problem here is basically that the cleanup on exit from
> > nfsd4_lock() may have to deal with a lock stateid that is partially
> > initialized, in that everything has been setup except the stuff that's
> > done by get_lock_access().
> 
>   You are right.
> 
> > 
> > Maybe something like this??  But I'm not able to test right now.
> > 
> > --b.
> > 
> > diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> > index fbde6f7..9e8ef31 100644
> > --- a/fs/nfsd/nfs4state.c
> > +++ b/fs/nfsd/nfs4state.c
> > @@ -397,10 +397,13 @@ static void unhash_generic_stateid(struct nfs4_stateid *stp)
> >  
> >  static void free_generic_stateid(struct nfs4_stateid *stp)
> >  {
> > -	int oflag = nfs4_access_bmap_to_omode(stp);
> > +	int oflag;
> >  
> > -	nfs4_file_put_access(stp->st_file, oflag);
> > -	put_nfs4_file(stp->st_file);
> > +	if (stp->st_access_bmap) {
> > +		nfs4_access_bmap_to_omode(stp);
> 
>  This line should be 
> 
>      oflag = nfs4_access_bmap_to_omode(stp);
> 
>  otherwise, uninitialized oflag will be used at the next line.
> 
>  After this patch, kernel runs correctly!

So you tested something like this?--b.

commit f93a86b66b1778ce698051b4ebfc228abccce956
Author: J. Bruce Fields <bfields@redhat.com>
Date:   Mon Mar 28 15:15:09 2011 +0800

    nfsd4: fix oops on lock failure
    
    Lock stateid's can have access_bmap 0 if they were only partially
    initialized (due to a failed lock request); handle that case in
    free_generic_stateid.
    
    ------------[ cut here ]------------
    kernel BUG at fs/nfsd/nfs4state.c:380!
    invalid opcode: 0000 [#1] SMP
    last sysfs file: /sys/kernel/mm/ksm/run
    Modules linked in: nfs fscache md4 nls_utf8 cifs ip6table_filter ip6_tables ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd lockd nfs_acl auth_rpcgss sunrpc ipv6 ppdev parport_pc parport pcnet32 mii pcspkr microcode i2c_piix4 BusLogic floppy [last unloaded: mperf]
    
    Pid: 1468, comm: nfsd Not tainted 2.6.38+ #120 VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform
    EIP: 0060:[<e24f180d>] EFLAGS: 00010297 CPU: 0
    EIP is at nfs4_access_to_omode+0x1c/0x29 [nfsd]
    EAX: ffffffff EBX: dd758120 ECX: 00000000 EDX: 00000004
    ESI: dd758120 EDI: ddfe657c EBP: dd54dde0 ESP: dd54dde0
     DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
    Process nfsd (pid: 1468, ti=dd54c000 task=ddc92580 task.ti=dd54c000)
    Stack:
     dd54ddf0 e24f19ca 00000000 ddfe6560 dd54de08 e24f1a5d dd758130 deee3a20
     ddfe6560 31270000 dd54df1c e24f52fd 0000000f dd758090 e2505dd0 0be304cf
     dbb51d68 0000000e ddfe657c ddcd8020 dd758130 dd758128 dd7580d8 dd54de68
    Call Trace:
     [<e24f19ca>] free_generic_stateid+0x1c/0x3e [nfsd]
     [<e24f1a5d>] release_lockowner+0x71/0x8a [nfsd]
     [<e24f52fd>] nfsd4_lock+0x617/0x66c [nfsd]
     [<e24e57b6>] ? nfsd_setuser+0x199/0x1bb [nfsd]
     [<e24e056c>] ? nfsd_setuser_and_check_port+0x65/0x81 [nfsd]
     [<c07a0052>] ? _cond_resched+0x8/0x1c
     [<c04ca61f>] ? slab_pre_alloc_hook.clone.33+0x23/0x27
     [<c04cac01>] ? kmem_cache_alloc+0x1a/0xd2
     [<c04835a0>] ? __call_rcu+0xd7/0xdd
     [<e24e0dfb>] ? fh_verify+0x401/0x452 [nfsd]
     [<e24f0b61>] ? nfsd4_encode_operation+0x52/0x117 [nfsd]
     [<e24ea0d7>] ? nfsd4_putfh+0x33/0x3b [nfsd]
     [<e24f4ce6>] ? nfsd4_delegreturn+0xd4/0xd4 [nfsd]
     [<e24ea2c9>] nfsd4_proc_compound+0x1ea/0x33e [nfsd]
     [<e24de6ee>] nfsd_dispatch+0xd1/0x1a5 [nfsd]
     [<e1d6e1c7>] svc_process_common+0x282/0x46f [sunrpc]
     [<e1d6e578>] svc_process+0xdc/0xfa [sunrpc]
     [<e24de0fa>] nfsd+0xd6/0x115 [nfsd]
     [<e24de024>] ? nfsd_shutdown+0x24/0x24 [nfsd]
     [<c0454322>] kthread+0x62/0x67
     [<c04542c0>] ? kthread_worker_fn+0x114/0x114
     [<c07a6ebe>] kernel_thread_helper+0x6/0x10
    Code: eb 05 b8 00 00 27 4f 8d 65 f4 5b 5e 5f 5d c3 83 e0 03 55 83 f8 02 89 e5 74 17 83 f8 03 74 05 48 75 09 eb 09 b8 02 00 00 00 eb 0b <0f> 0b 31 c0 eb 05 b8 01 00 00 00 5d c3 55 89 e5 57 56 89 d6 8d
    EIP: [<e24f180d>] nfs4_access_to_omode+0x1c/0x29 [nfsd] SS:ESP 0068:dd54dde0
    ---[ end trace 2b0bf6c6557cb284 ]---
    
    The trace route is:
    
     -> nfsd4_lock()
       -> if (lock->lk_is_new) {
         -> alloc_init_lock_stateid()
    
            3739: stp->st_access_bmap = 0;
    
       ->if (status && lock->lk_is_new && lock_sop)
         -> release_lockowner()
          -> free_generic_stateid()
           -> nfs4_access_bmap_to_omode()
              -> nfs4_access_to_omode()
    
            380: BUG();   *****
    
    This problem was introduced by 0997b173609b9229ece28941c118a2a9b278796e.
    
    Reported-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
    Tested-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
    Signed-off-by: J. Bruce Fields <bfields@redhat.com>

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Mi Jinlong April 11, 2011, 12:28 a.m. UTC | #1 
J. Bruce Fields:
> On Tue, Mar 29, 2011 at 11:41:39AM +0800, Mi Jinlong wrote:
>>
>> J. Bruce Fields:
>>> On Mon, Mar 28, 2011 at 03:15:09PM +0800, Mi Jinlong wrote:
>>>>  
>>>> Content-Type: text/plain; charset=ISO-2022-JP
>>>> Content-Transfer-Encoding: 7bit
>>> Thanks, Mi Jinlong, the analysis is helpful, but I don't think your fix
>>> is right.
>>>
>>> I think the problem here is basically that the cleanup on exit from
>>> nfsd4_lock() may have to deal with a lock stateid that is partially
>>> initialized, in that everything has been setup except the stuff that's
>>> done by get_lock_access().
>>   You are right.
>>
>>> Maybe something like this??  But I'm not able to test right now.
>>>
>>> --b.
>>>
>>> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
>>> index fbde6f7..9e8ef31 100644
>>> --- a/fs/nfsd/nfs4state.c
>>> +++ b/fs/nfsd/nfs4state.c
>>> @@ -397,10 +397,13 @@ static void unhash_generic_stateid(struct nfs4_stateid *stp)
>>>  
>>>  static void free_generic_stateid(struct nfs4_stateid *stp)
>>>  {
>>> -	int oflag = nfs4_access_bmap_to_omode(stp);
>>> +	int oflag;
>>>  
>>> -	nfs4_file_put_access(stp->st_file, oflag);
>>> -	put_nfs4_file(stp->st_file);
>>> +	if (stp->st_access_bmap) {
>>> +		nfs4_access_bmap_to_omode(stp);
>>  This line should be 
>>
>>      oflag = nfs4_access_bmap_to_omode(stp);
>>
>>  otherwise, uninitialized oflag will be used at the next line.
>>
>>  After this patch, kernel runs correctly!
> 
> So you tested something like this?--b.

  Yes, I have test this patch again, that's OK.
diff mbox

Patch

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index fbde6f7..8e3c407 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -397,10 +397,13 @@  static void unhash_generic_stateid(struct nfs4_stateid *stp)
 
 static void free_generic_stateid(struct nfs4_stateid *stp)
 {
-	int oflag = nfs4_access_bmap_to_omode(stp);
+	int oflag;
 
-	nfs4_file_put_access(stp->st_file, oflag);
-	put_nfs4_file(stp->st_file);
+	if (stp->st_access_bmap) {
+		oflag = nfs4_access_bmap_to_omode(stp);
+		nfs4_file_put_access(stp->st_file, oflag);
+		put_nfs4_file(stp->st_file);
+	}
 	kmem_cache_free(stateid_slab, stp);
 }