[kernel/f13/master] Copy sunrpc oops fix from F14

Chuck Ebbert cebbert at fedoraproject.org
Mon Jan 31 03:48:08 UTC 2011


commit 455ee889cb33731b3a0bb1b76b587a5eeef1cb61
Author: Chuck Ebbert <cebbert at redhat.com>
Date:   Sun Jan 30 22:46:59 2011 -0500

    Copy sunrpc oops fix from F14

 kernel.spec                                |    9 ++
 sunrpc-kernel-panic-when-mount-nfsv4.patch |  139 ++++++++++++++++++++++++++++
 2 files changed, 148 insertions(+), 0 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 393ce66..29b4ed1 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -940,6 +940,9 @@ Patch13943: tcp-increase-tcp_maxseg-socket-option-minimum.patch
 Patch13944: tcp-make-tcp_maxseg-minimum-more-correct.patch
 Patch13945: tcp-protect-sysctl_tcp_cookie_size-reads.patch
 
+# rhbz#673207 (f14)
+Patch13950: sunrpc-kernel-panic-when-mount-nfsv4.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1803,6 +1806,9 @@ ApplyPatch tcp-increase-tcp_maxseg-socket-option-minimum.patch
 ApplyPatch tcp-make-tcp_maxseg-minimum-more-correct.patch
 ApplyPatch tcp-protect-sysctl_tcp_cookie_size-reads.patch
 
+# rhbz#673207 (f14)
+ApplyPatch sunrpc-kernel-panic-when-mount-nfsv4.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2424,6 +2430,9 @@ fi
 
 
 %changelog
+* Sun Jan 30 2011 Chuck Ebbert <cebbert at redhat.com>
+- Copy sunrpc oops fix from F14
+
 * Wed Jan 26 2011 Chuck Ebbert <cebbert at redhat.com>
 - TCP networking fixes from 2.6.36.3, including one CVE
   CVE-2010-4165: possible kernel oops from user MSS
diff --git a/sunrpc-kernel-panic-when-mount-nfsv4.patch b/sunrpc-kernel-panic-when-mount-nfsv4.patch
new file mode 100644
index 0000000..c4e8214
--- /dev/null
+++ b/sunrpc-kernel-panic-when-mount-nfsv4.patch
@@ -0,0 +1,139 @@
+From: Trond Myklebust <Trond.Myklebust at netapp.com>
+Date: Mon, 20 Dec 2010 21:19:26 +0000 (+0000)
+Subject: kernel panic when mount NFSv4
+X-Git-Tag: v2.6.38-rc1~407^2~38
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=beb0f0a9fba1fa98b378329a9a5b0a73f25097ae
+
+kernel panic when mount NFSv4
+
+On Tue, 2010-12-14 at 16:58 +0800, Mi Jinlong wrote:
+> Hi,
+>
+> When testing NFSv4 at RHEL6 with kernel 2.6.32, I got a kernel panic
+> at NFS client's __rpc_create_common function.
+>
+> The panic place is:
+>   rpc_mkpipe
+>     __rpc_lookup_create()          <=== find pipefile *idmap*
+>     __rpc_mkpipe()                 <=== pipefile is *idmap*
+>       __rpc_create_common()
+>        ******  BUG_ON(!d_unhashed(dentry)); ******    *panic*
+>
+> It means that the dentry's d_flags have be set DCACHE_UNHASHED,
+> but it should not be set here.
+>
+> Is someone known this bug? or give me some idea?
+>
+> A reproduce program is append, but it can't reproduce the bug every time.
+> the export is: "/nfsroot       *(rw,no_root_squash,fsid=0,insecure)"
+>
+> And the panic message is append.
+>
+> ============================================================================
+> #!/bin/sh
+>
+> LOOPTOTAL=768
+> LOOPCOUNT=0
+> ret=0
+>
+> while [ $LOOPCOUNT -ne $LOOPTOTAL ]
+> do
+> 	((LOOPCOUNT += 1))
+> 	service nfs restart
+> 	/usr/sbin/rpc.idmapd
+> 	mount -t nfs4 127.0.0.1:/ /mnt|| return 1;
+> 	ls -l /var/lib/nfs/rpc_pipefs/nfs/*/
+> 	umount /mnt
+> 	echo $LOOPCOUNT
+> done
+>
+> ===============================================================================
+> Code: af 60 01 00 00 89 fa 89 f0 e8 64 cf 89 f0 e8 5c 7c 64 cf 31 c0 8b 5c 24 10 8b
+> 74 24 14 8b 7c 24 18 8b 6c 24 1c 83 c4 20 c3 <0f> 0b eb fc 8b 46 28 c7 44 24 08 20
+> de ee f0 c7 44 24 04 56 ea
+> EIP:[<f0ee92ea>] __rpc_create_common+0x8a/0xc0 [sunrpc] SS:ESP 0068:eccb5d28
+> ---[ end trace 8f5606cd08928ed2]---
+> Kernel panic - not syncing: Fatal exception
+> Pid:7131, comm: mount.nfs4 Tainted: G     D   -------------------2.6.32 #1
+> Call Trace:
+>  [<c080ad18>] ? panic+0x42/0xed
+>  [<c080e42c>] ? oops_end+0xbc/0xd0
+>  [<c040b090>] ? do_invalid_op+0x0/0x90
+>  [<c040b10f>] ? do_invalid_op+0x7f/0x90
+>  [<f0ee92ea>] ? __rpc_create_common+0x8a/0xc0[sunrpc]
+>  [<f0edc433>] ? rpc_free_task+0x33/0x70[sunrpc]
+>  [<f0ed6508>] ? prc_call_sync+0x48/0x60[sunrpc]
+>  [<f0ed656e>] ? rpc_ping+0x4e/0x60[sunrpc]
+>  [<f0ed6eaf>] ? rpc_create+0x38f/0x4f0[sunrpc]
+>  [<c080d80b>] ? error_code+0x73/0x78
+>  [<f0ee92ea>] ? __rpc_create_common+0x8a/0xc0[sunrpc]
+>  [<c0532bda>] ? d_lookup+0x2a/0x40
+>  [<f0ee94b1>] ? rpc_mkpipe+0x111/0x1b0[sunrpc]
+>  [<f10a59f4>] ? nfs_create_rpc_client+0xb4/0xf0[nfs]
+>  [<f10d6c6d>] ? nfs_fscache_get_client_cookie+0x1d/0x50[nfs]
+>  [<f10d3fcb>] ? nfs_idmap_new+0x7b/0x140[nfs]
+>  [<c05e76aa>] ? strlcpy+0x3a/0x60
+>  [<f10a60ca>] ? nfs4_set_client+0xea/0x2b0[nfs]
+>  [<f10a6d0c>] ? nfs4_create_server+0xac/0x1b0[nfs]
+>  [<c04f1400>] ? krealloc+0x40/0x50
+>  [<f10b0e8b>] ? nfs4_remote_get_sb+0x6b/0x250[nfs]
+>  [<c04f14ec>] ? kstrdup+0x3c/0x60
+>  [<c0520739>] ? vfs_kern_mount+0x69/0x170
+>  [<f10b1a3c>] ? nfs_do_root_mount+0x6c/0xa0[nfs]
+>  [<f10b1b47>] ? nfs4_try_mount+0x37/0xa0[nfs]
+>  [<f10afe6d>] ? nfs4_validate_text_mount_data+-x7d/0xf0[nfs]
+>  [<f10b1c42>] ? nfs4_get_sb+0x92/0x2f0
+>  [<c0520739>] ? vfs_kern_mount+0x69/0x170
+>  [<c05366d2>] ? get_fs_type+0x32/0xb0
+>  [<c052089f>] ? do_kern_mount+0x3f/0xe0
+>  [<c053954f>] ? do_mount+0x2ef/0x740
+>  [<c0537740>] ? copy_mount_options+0xb0/0x120
+>  [<c0539a0e>] ? sys_mount+0x6e/0xa0
+
+Hi,
+
+Does the following patch fix the problem?
+
+Cheers
+  Trond
+
+--------------------------
+SUNRPC: Fix a BUG in __rpc_create_common
+
+From: Trond Myklebust <Trond.Myklebust at netapp.com>
+
+Mi Jinlong reports:
+
+When testing NFSv4 at RHEL6 with kernel 2.6.32, I got a kernel panic
+at NFS client's __rpc_create_common function.
+
+The panic place is:
+  rpc_mkpipe
+      __rpc_lookup_create()          <=== find pipefile *idmap*
+      __rpc_mkpipe()                 <=== pipefile is *idmap*
+        __rpc_create_common()
+         ******  BUG_ON(!d_unhashed(dentry)); ****** *panic*
+
+The test is wrong: we can find ourselves with a hashed negative dentry here
+if the idmapper tried to look up the file before we got round to creating
+it.
+
+Just replace the BUG_ON() with a d_drop(dentry).
+
+Reported-by: Mi Jinlong <mijinlong at cn.fujitsu.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
+---
+
+diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
+index 10a17a3..5356d95 100644
+--- a/net/sunrpc/rpc_pipe.c
++++ b/net/sunrpc/rpc_pipe.c
+@@ -466,7 +466,7 @@ static int __rpc_create_common(struct inode *dir, struct dentry *dentry,
+ {
+ 	struct inode *inode;
+ 
+-	BUG_ON(!d_unhashed(dentry));
++	d_drop(dentry);
+ 	inode = rpc_get_inode(dir->i_sb, mode);
+ 	if (!inode)
+ 		goto out_err;


More information about the scm-commits mailing list