During mount if rootfh changes fsid then fs-core layer
dereferences and calls NULL pointer.
nfs_fhget() sets rootinode->i_op to nfs_mountpoint_inode_operations.
Then d_alloc_and_lookup() calls i_op->lookup() that is NULL.
The problem is: rpc_ops->getroot() and rpc_ops->getattr()
return different fsid due to server replies.
So just refresh fsid, as RFC3530 doesn't specify behavior
in case of rootfh changes fsid.
Oops:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [< (null)>] (null)
stack trace:
d_alloc_and_lookup+0x4c/0x74
do_lookup+0x1e3/0x280
link_path_walk+0x12e/0xab0
nfs4_remote_get_sb+0x56/0x2c0 [nfs]
path_walk+0x67/0xe0
vfs_path_lookup+0x8e/0x100
nfs_follow_remote_path+0x16f/0x3e0 [nfs]
nfs4_try_mount+0x6f/0xd0 [nfs]
nfs_get_sb+0x269/0x400 [nfs]
vfs_kern_mount+0x8a/0x1f0
do_kern_mount+0x52/0x130
do_mount+0x20a/0x260
sys_mount+0x90/0xe0
system_call_fastpath+0x16/0x1b
Signed-off-by: Vitaliy Gusev <gusev.vitaliy@xxxxxxxxxxx>
---
fs/nfs/getroot.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/fs/nfs/getroot.c b/fs/nfs/getroot.c
index b5ffe8f..7979652 100644
--- a/fs/nfs/getroot.c
+++ b/fs/nfs/getroot.c
@@ -199,6 +199,10 @@ struct dentry *nfs4_get_root(struct super_block
*sb, struct nfs_fh *mntfh)
goto out;
}
+ if (fattr->valid & NFS_ATTR_FATTR_FSID &&
+ !nfs_fsid_equal(&server->fsid, &fattr->fsid))
+ memcpy(&server->fsid, &fattr->fsid, sizeof(server->fsid));
+
inode = nfs_fhget(sb, mntfh, fattr);
if (IS_ERR(inode)) {
dprintk("nfs_get_root: get root inode failed\n");
--
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
