Recently we have been seeing kernel panic in cifs_reconnect function
while accessing tgt_list. Looks like tgt_list is not initialized
correctly. There are fixes already present in 5.10 and later trees.
Backporting them to 5.4
CIFS VFS: \\172.30.1.14 cifs_reconnect: no target servers for DFS
failover
BUG: unable to handle page fault for address: fffffffffffffff8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
Oops: 0000 [#1] SMP PTI
RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
Call Trace:
cifs_handle_standard+0x18d/0x1b0 [cifs]
cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
kthread+0x113/0x130
*** BLURB HERE ***
Paulo Alcantara (2):
cifs: get rid of unused parameter in reconn_setup_dfs_targets()
cifs: handle empty list of targets in cifs_reconnect()
fs/cifs/connect.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
--
2.39.2
From: Paulo Alcantara <[email protected]>
commit baf3f08ef4083b76ca67b143e135213a7f941879 upstream.
The target iterator parameter "it" is not used in
reconn_setup_dfs_targets(), so just remove it.
Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
Reviewed-by: Aurelien Aptel <[email protected]>
Signed-off-by: Steve French <[email protected]>
Signed-off-by: Rishabh Bhatnagar <[email protected]>
---
fs/cifs/connect.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 6c8dd7c0b83a..b5cd3dc479ce 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -469,8 +469,7 @@ static void reconn_inval_dfs_target(struct TCP_Server_Info *server,
}
static inline int reconn_setup_dfs_targets(struct cifs_sb_info *cifs_sb,
- struct dfs_cache_tgt_list *tl,
- struct dfs_cache_tgt_iterator **it)
+ struct dfs_cache_tgt_list *tl)
{
if (!cifs_sb->origin_fullpath)
return -EOPNOTSUPP;
@@ -515,7 +514,7 @@ cifs_reconnect(struct TCP_Server_Info *server)
} else {
cifs_sb = CIFS_SB(sb);
- rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list, &tgt_it);
+ rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list);
if (rc && (rc != -EOPNOTSUPP)) {
cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n",
__func__);
--
2.39.2
From: Paulo Alcantara <[email protected]>
commit a52930353eaf443489a350a135c5525a4acbbf56 upstream.
In case there were no cached DFS referrals in
reconn_setup_dfs_targets(), set cifs_sb to NULL prior to calling
reconn_set_next_dfs_target() so it would not try to access an empty
tgt_list.
Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
Reviewed-by: Aurelien Aptel <[email protected]>
Signed-off-by: Steve French <[email protected]>
Signed-off-by: Rishabh Bhatnagar <[email protected]>
---
fs/cifs/connect.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index b5cd3dc479ce..d8d9d9061544 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -513,11 +513,13 @@ cifs_reconnect(struct TCP_Server_Info *server)
sb = NULL;
} else {
cifs_sb = CIFS_SB(sb);
-
rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list);
- if (rc && (rc != -EOPNOTSUPP)) {
- cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n",
- __func__);
+ if (rc) {
+ cifs_sb = NULL;
+ if (rc != -EOPNOTSUPP) {
+ cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n",
+ __func__);
+ }
} else {
server->nr_targets = dfs_cache_get_nr_tgts(&tgt_list);
}
--
2.39.2
On Wed, Jun 07, 2023 at 06:53:11PM +0000, Rishabh Bhatnagar wrote:
> Recently we have been seeing kernel panic in cifs_reconnect function
> while accessing tgt_list. Looks like tgt_list is not initialized
> correctly. There are fixes already present in 5.10 and later trees.
> Backporting them to 5.4
>
> CIFS VFS: \\172.30.1.14 cifs_reconnect: no target servers for DFS
> failover
> BUG: unable to handle page fault for address: fffffffffffffff8
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
> Oops: 0000 [#1] SMP PTI
> RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
> RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
> RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
> Call Trace:
> cifs_handle_standard+0x18d/0x1b0 [cifs]
> cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
> kthread+0x113/0x130
>
> *** BLURB HERE ***
No blurb?
And this says 5.4, yet your patches say 5.10?
Totally confused...
greg k-h
On 6/7/23 12:07 PM, Greg KH wrote:
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
>
>
>
> On Wed, Jun 07, 2023 at 06:53:11PM +0000, Rishabh Bhatnagar wrote:
>> Recently we have been seeing kernel panic in cifs_reconnect function
>> while accessing tgt_list. Looks like tgt_list is not initialized
>> correctly. There are fixes already present in 5.10 and later trees.
>> Backporting them to 5.4
>>
>> CIFS VFS: \\172.30.1.14 cifs_reconnect: no target servers for DFS
>> failover
>> BUG: unable to handle page fault for address: fffffffffffffff8
>> #PF: supervisor read access in kernel mode
>> #PF: error_code(0x0000) - not-present page
>> PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
>> Oops: 0000 [#1] SMP PTI
>> RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
>> RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
>> RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
>> Call Trace:
>> cifs_handle_standard+0x18d/0x1b0 [cifs]
>> cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
>> kthread+0x113/0x130
>>
>> *** BLURB HERE ***
> No blurb?
>
> And this says 5.4, yet your patches say 5.10?
>
> Totally confused...
>
> greg k-h
These patches are applicable for 5.4. Will send another version with
that fixed.
Apologies for the mess.
On Wed, Jun 07, 2023 at 01:20:23PM -0700, Bhatnagar, Rishabh wrote:
>
> On 6/7/23 12:07 PM, Greg KH wrote:
> > CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
> >
> >
> >
> > On Wed, Jun 07, 2023 at 06:53:11PM +0000, Rishabh Bhatnagar wrote:
> > > Recently we have been seeing kernel panic in cifs_reconnect function
> > > while accessing tgt_list. Looks like tgt_list is not initialized
> > > correctly. There are fixes already present in 5.10 and later trees.
> > > Backporting them to 5.4
> > >
> > > CIFS VFS: \\172.30.1.14 cifs_reconnect: no target servers for DFS
> > > failover
> > > BUG: unable to handle page fault for address: fffffffffffffff8
> > > #PF: supervisor read access in kernel mode
> > > #PF: error_code(0x0000) - not-present page
> > > PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
> > > Oops: 0000 [#1] SMP PTI
> > > RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
> > > RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
> > > RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
> > > Call Trace:
> > > cifs_handle_standard+0x18d/0x1b0 [cifs]
> > > cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
> > > kthread+0x113/0x130
> > >
> > > *** BLURB HERE ***
> > No blurb?
> >
> > And this says 5.4, yet your patches say 5.10?
> >
> > Totally confused...
> >
> > greg k-h
>
> These patches are applicable for 5.4. Will send another version with that
> fixed.
> Apologies for the mess.
Please resend both series, as this one I already dropped from my queue.
thanks,
greg k-h