Hi Trond,
I'm having some trouble with xfstests generic/464 after applying this patch.
Here is the oops I'm getting, I'm able to reproduce it fairly easily against all
NFS versions:
[ 41.182015] BUG: unable to handle kernel NULL pointer dereference at
0000000000000048
[ 41.182051] #PF error: [normal kernel read fault]
[ 41.182071] PGD 0 P4D 0
[ 41.182086] Oops: 0000 [#1] PREEMPT SMP PTI
[ 41.182104] CPU: 1 PID: 14515 Comm: kworker/1:6 Not tainted 5.1.0-rc3-ANNA+
#5292
[ 41.182131] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 41.182174] Workqueue: nfsiod rpc_async_release [sunrpc]
[ 41.182209] RIP: 0010:__put_nfs_open_context+0xd/0x110 [nfs]
[ 41.182227] Code: f8 ba a8 00 00 00 be c0 0c 00 00 e8 5d c0 58 f7 48 89 c3 48
85 c0 74 c5 e9 15 ff ff ff 0f 1f 44 00 00 41 56 41 55 41 54 55 53 <48> 8b 47 48
48 8b 68 30 4c 8b 60 68 f0 ff 0f 0f 88 14 53 01 00 74
[ 41.182267] RSP: 0018:ffffae5f04b6be30 EFLAGS: 00010246
[ 41.182279] RAX: 0000000000000000 RBX: ffffa22aae71a680 RCX: 0000000000000000
[ 41.182295] RDX: ffffffffb9205dc8 RSI: 0000000000000000 RDI: 0000000000000000
[ 41.182311] RBP: 0000000000000801 R08: ffffa22aa5ca0000 R09: ffffa22aba267800
[ 41.182327] R10: 0000000000000000 R11: 0000000000000000 R12: ffffce5effd1c200
[ 41.182351] R13: 0000000000000000 R14: ffffa22aad2aa6c0 R15: 0ffffce5effd1c20
[ 41.182378] FS: 0000000000000000(0000) GS:ffffa22abcb00000(0000)
knlGS:0000000000000000
[ 41.182411] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.182435] CR2: 0000000000000048 CR3: 00000000af972005 CR4: 0000000000160ee0
[ 41.182468] Call Trace:
[ 41.182495] nfs_commitdata_release+0x15/0x30 [nfs]
[ 41.182536] rpc_free_task+0x39/0x70 [sunrpc]
[ 41.182571] rpc_async_release+0x29/0x40 [sunrpc]
[ 41.182594] process_one_work+0x1eb/0x410
[ 41.182611] worker_thread+0x2d/0x3d0
[ 41.182621] ? process_one_work+0x410/0x410
[ 41.182632] kthread+0x112/0x130
[ 41.182641] ? kthread_park+0x80/0x80
[ 41.182652] ret_from_fork+0x35/0x40
[ 41.182662] Modules linked in: nfsv3 nfs fscache rpcrdma ib_isert
iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi ib_srpt target_core_mod
ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_uverbs ib_umad rdma_cm cfg80211
ib_cm iw_cm rfkill 8021q mrp ib_core crct10dif_pclmul crc32_pclmul joydev
mousedev crc32c_intel ghash_clmulni_intel aesni_intel input_leds led_class
psmouse aes_x86_64 evdev crypto_simd cryptd glue_helper mac_hid intel_agp
intel_gtt i2c_piix4 pcspkr nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables
x_tables ata_generic pata_acpi serio_raw atkbd libps2 ata_piix libata scsi_mod
floppy i8042 serio xfs virtio_balloon virtio_gpu drm_kms_helper syscopyarea
sysfillrect sysimgblt fb_sys_fops ttm drm virtio_net net_failover failover
agpgart virtio_pci virtio_blk virtio_ring virtio
[ 41.182827] CR2: 0000000000000048
[ 41.182836] ---[ end trace 19c8b9d2801d26ce ]---
Let me know if you need any more information!
Anna
On Fri, 2019-03-29 at 17:59 -0400, Trond Myklebust wrote:
> The lock context already references and tracks the open context, so
> take the opportunity to save some space in struct nfs_page.
>
> Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>
> ---
> fs/nfs/pagelist.c | 7 +------
> include/linux/nfs_page.h | 3 +--
> 2 files changed, 2 insertions(+), 8 deletions(-)
>
> diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
> index ce6440b79328..5d5ac5df93e2 100644
> --- a/fs/nfs/pagelist.c
> +++ b/fs/nfs/pagelist.c
> @@ -325,7 +325,6 @@ __nfs_create_request(struct nfs_lock_context *l_ctx,
> struct page *page,
> req->wb_offset = offset;
> req->wb_pgbase = pgbase;
> req->wb_bytes = count;
> - req->wb_context = get_nfs_open_context(ctx);
> kref_init(&req->wb_kref);
> req->wb_nio = 0;
> return req;
> @@ -414,8 +413,8 @@ void nfs_unlock_and_release_request(struct nfs_page *req)
> static void nfs_clear_request(struct nfs_page *req)
> {
> struct page *page = req->wb_page;
> - struct nfs_open_context *ctx = req->wb_context;
> struct nfs_lock_context *l_ctx = req->wb_lock_context;
> + struct nfs_open_context *ctx = l_ctx->open_context;
>
> if (page != NULL) {
> put_page(page);
> @@ -430,10 +429,6 @@ static void nfs_clear_request(struct nfs_page *req)
> nfs_put_lock_context(l_ctx);
> req->wb_lock_context = NULL;
> }
> - if (ctx != NULL) {
> - put_nfs_open_context(ctx);
> - req->wb_context = NULL;
> - }
> }
>
> /**
> diff --git a/include/linux/nfs_page.h b/include/linux/nfs_page.h
> index 1ea13e94feb7..0bbd587fac6a 100644
> --- a/include/linux/nfs_page.h
> +++ b/include/linux/nfs_page.h
> @@ -42,7 +42,6 @@ struct nfs_inode;
> struct nfs_page {
> struct list_head wb_list; /* Defines state of page: */
> struct page *wb_page; /* page to read in/write out
> */
> - struct nfs_open_context *wb_context; /* File state context info */
> struct nfs_lock_context *wb_lock_context; /* lock context info
> */
> pgoff_t wb_index; /* Offset >> PAGE_SHIFT */
> unsigned int wb_offset, /* Offset & ~PAGE_MASK */
> @@ -203,7 +202,7 @@ loff_t req_offset(struct nfs_page *req)
> static inline struct nfs_open_context *
> nfs_req_openctx(struct nfs_page *req)
> {
> - return req->wb_context;
> + return req->wb_lock_context->open_context;
> }
>
> #endif /* _LINUX_NFS_PAGE_H */
