[kernel/f13/master] Copy sunrpc oops fix from F14
Chuck Ebbert
cebbert at fedoraproject.org
Mon Jan 31 03:48:08 UTC 2011
commit 455ee889cb33731b3a0bb1b76b587a5eeef1cb61
Author: Chuck Ebbert <cebbert at redhat.com>
Date: Sun Jan 30 22:46:59 2011 -0500
Copy sunrpc oops fix from F14
kernel.spec | 9 ++
sunrpc-kernel-panic-when-mount-nfsv4.patch | 139 ++++++++++++++++++++++++++++
2 files changed, 148 insertions(+), 0 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 393ce66..29b4ed1 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -940,6 +940,9 @@ Patch13943: tcp-increase-tcp_maxseg-socket-option-minimum.patch
Patch13944: tcp-make-tcp_maxseg-minimum-more-correct.patch
Patch13945: tcp-protect-sysctl_tcp_cookie_size-reads.patch
+# rhbz#673207 (f14)
+Patch13950: sunrpc-kernel-panic-when-mount-nfsv4.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1803,6 +1806,9 @@ ApplyPatch tcp-increase-tcp_maxseg-socket-option-minimum.patch
ApplyPatch tcp-make-tcp_maxseg-minimum-more-correct.patch
ApplyPatch tcp-protect-sysctl_tcp_cookie_size-reads.patch
+# rhbz#673207 (f14)
+ApplyPatch sunrpc-kernel-panic-when-mount-nfsv4.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2424,6 +2430,9 @@ fi
%changelog
+* Sun Jan 30 2011 Chuck Ebbert <cebbert at redhat.com>
+- Copy sunrpc oops fix from F14
+
* Wed Jan 26 2011 Chuck Ebbert <cebbert at redhat.com>
- TCP networking fixes from 2.6.36.3, including one CVE
CVE-2010-4165: possible kernel oops from user MSS
diff --git a/sunrpc-kernel-panic-when-mount-nfsv4.patch b/sunrpc-kernel-panic-when-mount-nfsv4.patch
new file mode 100644
index 0000000..c4e8214
--- /dev/null
+++ b/sunrpc-kernel-panic-when-mount-nfsv4.patch
@@ -0,0 +1,139 @@
+From: Trond Myklebust <Trond.Myklebust at netapp.com>
+Date: Mon, 20 Dec 2010 21:19:26 +0000 (+0000)
+Subject: kernel panic when mount NFSv4
+X-Git-Tag: v2.6.38-rc1~407^2~38
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=beb0f0a9fba1fa98b378329a9a5b0a73f25097ae
+
+kernel panic when mount NFSv4
+
+On Tue, 2010-12-14 at 16:58 +0800, Mi Jinlong wrote:
+> Hi,
+>
+> When testing NFSv4 at RHEL6 with kernel 2.6.32, I got a kernel panic
+> at NFS client's __rpc_create_common function.
+>
+> The panic place is:
+> rpc_mkpipe
+> __rpc_lookup_create() <=== find pipefile *idmap*
+> __rpc_mkpipe() <=== pipefile is *idmap*
+> __rpc_create_common()
+> ****** BUG_ON(!d_unhashed(dentry)); ****** *panic*
+>
+> It means that the dentry's d_flags have be set DCACHE_UNHASHED,
+> but it should not be set here.
+>
+> Is someone known this bug? or give me some idea?
+>
+> A reproduce program is append, but it can't reproduce the bug every time.
+> the export is: "/nfsroot *(rw,no_root_squash,fsid=0,insecure)"
+>
+> And the panic message is append.
+>
+> ============================================================================
+> #!/bin/sh
+>
+> LOOPTOTAL=768
+> LOOPCOUNT=0
+> ret=0
+>
+> while [ $LOOPCOUNT -ne $LOOPTOTAL ]
+> do
+> ((LOOPCOUNT += 1))
+> service nfs restart
+> /usr/sbin/rpc.idmapd
+> mount -t nfs4 127.0.0.1:/ /mnt|| return 1;
+> ls -l /var/lib/nfs/rpc_pipefs/nfs/*/
+> umount /mnt
+> echo $LOOPCOUNT
+> done
+>
+> ===============================================================================
+> Code: af 60 01 00 00 89 fa 89 f0 e8 64 cf 89 f0 e8 5c 7c 64 cf 31 c0 8b 5c 24 10 8b
+> 74 24 14 8b 7c 24 18 8b 6c 24 1c 83 c4 20 c3 <0f> 0b eb fc 8b 46 28 c7 44 24 08 20
+> de ee f0 c7 44 24 04 56 ea
+> EIP:[<f0ee92ea>] __rpc_create_common+0x8a/0xc0 [sunrpc] SS:ESP 0068:eccb5d28
+> ---[ end trace 8f5606cd08928ed2]---
+> Kernel panic - not syncing: Fatal exception
+> Pid:7131, comm: mount.nfs4 Tainted: G D -------------------2.6.32 #1
+> Call Trace:
+> [<c080ad18>] ? panic+0x42/0xed
+> [<c080e42c>] ? oops_end+0xbc/0xd0
+> [<c040b090>] ? do_invalid_op+0x0/0x90
+> [<c040b10f>] ? do_invalid_op+0x7f/0x90
+> [<f0ee92ea>] ? __rpc_create_common+0x8a/0xc0[sunrpc]
+> [<f0edc433>] ? rpc_free_task+0x33/0x70[sunrpc]
+> [<f0ed6508>] ? prc_call_sync+0x48/0x60[sunrpc]
+> [<f0ed656e>] ? rpc_ping+0x4e/0x60[sunrpc]
+> [<f0ed6eaf>] ? rpc_create+0x38f/0x4f0[sunrpc]
+> [<c080d80b>] ? error_code+0x73/0x78
+> [<f0ee92ea>] ? __rpc_create_common+0x8a/0xc0[sunrpc]
+> [<c0532bda>] ? d_lookup+0x2a/0x40
+> [<f0ee94b1>] ? rpc_mkpipe+0x111/0x1b0[sunrpc]
+> [<f10a59f4>] ? nfs_create_rpc_client+0xb4/0xf0[nfs]
+> [<f10d6c6d>] ? nfs_fscache_get_client_cookie+0x1d/0x50[nfs]
+> [<f10d3fcb>] ? nfs_idmap_new+0x7b/0x140[nfs]
+> [<c05e76aa>] ? strlcpy+0x3a/0x60
+> [<f10a60ca>] ? nfs4_set_client+0xea/0x2b0[nfs]
+> [<f10a6d0c>] ? nfs4_create_server+0xac/0x1b0[nfs]
+> [<c04f1400>] ? krealloc+0x40/0x50
+> [<f10b0e8b>] ? nfs4_remote_get_sb+0x6b/0x250[nfs]
+> [<c04f14ec>] ? kstrdup+0x3c/0x60
+> [<c0520739>] ? vfs_kern_mount+0x69/0x170
+> [<f10b1a3c>] ? nfs_do_root_mount+0x6c/0xa0[nfs]
+> [<f10b1b47>] ? nfs4_try_mount+0x37/0xa0[nfs]
+> [<f10afe6d>] ? nfs4_validate_text_mount_data+-x7d/0xf0[nfs]
+> [<f10b1c42>] ? nfs4_get_sb+0x92/0x2f0
+> [<c0520739>] ? vfs_kern_mount+0x69/0x170
+> [<c05366d2>] ? get_fs_type+0x32/0xb0
+> [<c052089f>] ? do_kern_mount+0x3f/0xe0
+> [<c053954f>] ? do_mount+0x2ef/0x740
+> [<c0537740>] ? copy_mount_options+0xb0/0x120
+> [<c0539a0e>] ? sys_mount+0x6e/0xa0
+
+Hi,
+
+Does the following patch fix the problem?
+
+Cheers
+ Trond
+
+--------------------------
+SUNRPC: Fix a BUG in __rpc_create_common
+
+From: Trond Myklebust <Trond.Myklebust at netapp.com>
+
+Mi Jinlong reports:
+
+When testing NFSv4 at RHEL6 with kernel 2.6.32, I got a kernel panic
+at NFS client's __rpc_create_common function.
+
+The panic place is:
+ rpc_mkpipe
+ __rpc_lookup_create() <=== find pipefile *idmap*
+ __rpc_mkpipe() <=== pipefile is *idmap*
+ __rpc_create_common()
+ ****** BUG_ON(!d_unhashed(dentry)); ****** *panic*
+
+The test is wrong: we can find ourselves with a hashed negative dentry here
+if the idmapper tried to look up the file before we got round to creating
+it.
+
+Just replace the BUG_ON() with a d_drop(dentry).
+
+Reported-by: Mi Jinlong <mijinlong at cn.fujitsu.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
+---
+
+diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
+index 10a17a3..5356d95 100644
+--- a/net/sunrpc/rpc_pipe.c
++++ b/net/sunrpc/rpc_pipe.c
+@@ -466,7 +466,7 @@ static int __rpc_create_common(struct inode *dir, struct dentry *dentry,
+ {
+ struct inode *inode;
+
+- BUG_ON(!d_unhashed(dentry));
++ d_drop(dentry);
+ inode = rpc_get_inode(dir->i_sb, mode);
+ if (!inode)
+ goto out_err;
More information about the scm-commits
mailing list