Re: [PATCH] NFSv41: fix NULL dereference in nfs40_setup_sequence


 



> On Oct 30, 2016, at 21:18, Vitaliy Gusev <gusev.vitaliy@xxxxxxxxx> wrote:
> 
> Hi.
> 
> During some tests I’ve seen nfs-client crashes. It was just reading a file via the NFSv4.1 protocol.
> 
> The panic message is below; the fixing patch is attached.

Why does this need to be fixed on the client? It looks like a server bug… In any case, the fix you propose is going to leave the client with broken open state.

> 
> ———
> "BUG: unable to handle kernel NULL pointer dereference at 0000000000000090
> "IP: [<ffffffffb049eefc>] _raw_spin_lock+0xc/0x30
> PGD 2a1c067 PUD 29e5067 PMD 0
> Oops: 0002 [#1] SMP
> CPU: 1 PID: 3573 Comm: kworker/1:0 Not tainted 4.8.0-26-generic #28-Ubuntu
> Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
> Workqueue: rpciod rpc_async_schedule [sunrpc]
> task: ffffa017cb534740 task.stack: ffffa01782b44000
> RIP: 0010:[<ffffffffb049eefc>]  [<ffffffffb049eefc>] _raw_spin_lock+0xc/0x30N^
> RSP: 0018:ffffa01782b47d48  EFLAGS: 00010246
> RAX: 0000000000000000 RBX: ffffa017c735d208 RCX: ffffa01783816c00
> RDX: 0000000000000001 RSI: ffffa017c735d1e0 RDI: 0000000000000090
> RBP: ffffa01782b47d78 R08: ffffa017cec58a00 R09: 0000000000000000
> R10: 0000000000000000 R11: 000000b4098ed036 R12: ffffa01783816c00
> R13: 0000000000000000 R14: 0000000000000090 R15: ffffa017c735d1e0
> FS:  0000000000000000(0000) GS:ffffa017cec40000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000090 CR3: 0000000002a0c000 CR4: 00000000001406e0
> Stack:
> ffffffffc0836208 ffffa01783816c00 ffffffffc04c9070 ffffffffc04c9070
> 0000000000000000 ffffa01783816c40 ffffa01782b47d88 ffffffffc08362d0
> ffffa01782b47d98 ffffffffc04c9089 ffffa01782b47e00 ffffffffc04cb6fd
> 
> Call Trace:
> [<ffffffffc0836208>] ? nfs40_setup_sequence+0x48/0xe0 [nfsv4]
> [<ffffffffc08362d0>] nfs4_open_confirm_prepare+0x30/0x40 [nfsv4]
> [<ffffffffc04c9089>] rpc_prepare_task+0x19/0x20 [sunrpc]
> [<ffffffffc04cb6fd>] __rpc_execute+0x8d/0x420 [sunrpc]
> [<ffffffffc04cbaa2>] rpc_async_schedule+0x12/0x20 [sunrpc]
> [<ffffffffafc9d61c>] process_one_work+0x1fc/0x4b0
> [<ffffffffafc9d91b>] worker_thread+0x4b/0x500
> [<ffffffffafca3c18>] kthread+0xd8/0xf0
> [<ffffffffb049f29f>] ret_from_fork+0x1f/0x40
> [<ffffffffafca3b40>] ? kthread_create_on_node+0x1e0/0x1e0
> Code: 00 01 00 00 f0 0f c1 37 81 c6 00 01 00 00 40 84 f6 75 01 c3 55 48 89 e5 e8 e2 19 83 ff 5d c3 0f 1f 44 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 17 85 c0 75 01 c3 55 89 c6 48 89 e5 e8 c0 01 83 ff 66 
> "RIP  [<ffffffffb049eefc>] _raw_spin_lock+0xc/0x30
> 
> ———



