2023-06-07 21:40:07

by Bhatnagar, Rishabh

Subject: [PATCH v2 5.4 0/2] Backport few dfs related fixes to cifs

Recently we have been seeing a kernel panic in the cifs_reconnect function
while accessing tgt_list. Looks like tgt_list is not initialized
correctly. There are fixes already present in 5.10 and later trees.
Backporting them to 5.4.

CIFS VFS: \\172.30.1.14 cifs_reconnect: no target servers for DFS
failover
BUG: unable to handle page fault for address: fffffffffffffff8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
Oops: 0000 [#1] SMP PTI
RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
Call Trace:
cifs_handle_standard+0x18d/0x1b0 [cifs]
cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
kthread+0x113/0x130

Paulo Alcantara (2):
cifs: get rid of unused parameter in reconn_setup_dfs_targets()
cifs: handle empty list of targets in cifs_reconnect()

fs/cifs/connect.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)

--
Changelog:
v2 -> v1:
- Correct the kernel tree from 5.10 to 5.4 for the patches.

2.39.2



2023-06-07 21:43:20

by Bhatnagar, Rishabh

Subject: [PATCH v2 5.4 2/2] cifs: handle empty list of targets in cifs_reconnect()

From: Paulo Alcantara <[email protected]>

commit a52930353eaf443489a350a135c5525a4acbbf56 upstream.

In case there were no cached DFS referrals in
reconn_setup_dfs_targets(), set cifs_sb to NULL prior to calling
reconn_set_next_dfs_target() so it would not try to access an empty
tgt_list.

Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
Reviewed-by: Aurelien Aptel <[email protected]>
Signed-off-by: Steve French <[email protected]>
Signed-off-by: Rishabh Bhatnagar <[email protected]>
---
fs/cifs/connect.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index b5cd3dc479ce..d8d9d9061544 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -513,11 +513,13 @@ cifs_reconnect(struct TCP_Server_Info *server)
sb = NULL;
} else {
cifs_sb = CIFS_SB(sb);
-
rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list);
- if (rc && (rc != -EOPNOTSUPP)) {
- cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n",
- __func__);
+ if (rc) {
+ cifs_sb = NULL;
+ if (rc != -EOPNOTSUPP) {
+ cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n",
+ __func__);
+ }
} else {
server->nr_targets = dfs_cache_get_nr_tgts(&tgt_list);
}
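
Review bot: the new "cifs_sb = NULL;" in the "if (rc)" branch acts as the "tgt_list was not populated, do not walk it" flag, but nothing in the hunk says so and the code that consumes it lies outside the visible context. A one-line comment above the assignment would keep that intent from being lost in later edits. For a 5.4 backport it is also worth confirming that every later use of cifs_sb and tgt_list in cifs_reconnect() in this tree is guarded by a NULL check on cifs_sb. Note too that the assignment sits before the inner "if (rc != -EOPNOTSUPP)" test, so the -EOPNOTSUPP return now clears cifs_sb as well, where the old condition "rc && (rc != -EOPNOTSUPP)" left it untouched; the commit message only describes the no-cached-referrals case. The dropped blank line after "cifs_sb = CIFS_SB(sb);" is an unrelated whitespace change.
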
--
2.39.2


2023-06-07 21:44:17

by Bhatnagar, Rishabh

Subject: [PATCH v2 5.4 1/2] cifs: get rid of unused parameter in reconn_setup_dfs_targets()

From: Paulo Alcantara <[email protected]>

commit baf3f08ef4083b76ca67b143e135213a7f941879 upstream.

The target iterator parameter "it" is not used in
reconn_setup_dfs_targets(), so just remove it.

Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
Reviewed-by: Aurelien Aptel <[email protected]>
Signed-off-by: Steve French <[email protected]>
Signed-off-by: Rishabh Bhatnagar <[email protected]>
---
fs/cifs/connect.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 6c8dd7c0b83a..b5cd3dc479ce 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -469,8 +469,7 @@ static void reconn_inval_dfs_target(struct TCP_Server_Info *server,
}

static inline int reconn_setup_dfs_targets(struct cifs_sb_info *cifs_sb,
- struct dfs_cache_tgt_list *tl,
- struct dfs_cache_tgt_iterator **it)
+ struct dfs_cache_tgt_list *tl)
{
if (!cifs_sb->origin_fullpath)
return -EOPNOTSUPP;
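
Review bot: dropping the third parameter from this static inline helper changes its signature, and the only check that every caller was converted is the build. The series converts one call site in cifs_reconnect(); because this is a backport and the 5.4 file can differ from upstream, search fs/cifs/connect.c in the target tree for any other caller of reconn_setup_dfs_targets() before merging.
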
@@ -515,7 +514,7 @@ cifs_reconnect(struct TCP_Server_Info *server)
} else {
cifs_sb = CIFS_SB(sb);

- rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list, &tgt_it);
+ rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list);
if (rc && (rc != -EOPNOTSUPP)) {
cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n",
__func__);
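
Review bot: at the call site, "&tgt_it" is no longer passed, so it is worth checking that tgt_it is still initialized at its declaration in cifs_reconnect() and still used further down, otherwise this change can surface an unused or uninitialized variable warning in the 5.4 build. Ordering also matters for the series: the context of patch 2/2 already shows the two-argument call "reconn_setup_dfs_targets(cifs_sb, &tgt_list)" and its index line starts from b5cd3dc479ce, which is the result of this patch, so 1/2 has to be applied first even though the archive lists 2/2 ahead of it.
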
--
2.39.2


2023-06-08 21:48:18

by Paulo Alcantara

Subject: Re: [PATCH v2 5.4 0/2] Backport few dfs related fixes to cifs

Rishabh Bhatnagar <[email protected]> writes:

> Recently we have been seeing a kernel panic in the cifs_reconnect function
> while accessing tgt_list. Looks like tgt_list is not initialized
> correctly. There are fixes already present in 5.10 and later trees.
> Backporting them to 5.4.
>
> CIFS VFS: \\172.30.1.14 cifs_reconnect: no target servers for DFS
> failover
> BUG: unable to handle page fault for address: fffffffffffffff8
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
> Oops: 0000 [#1] SMP PTI
> RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
> RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
> RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
> Call Trace:
> cifs_handle_standard+0x18d/0x1b0 [cifs]
> cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
> kthread+0x113/0x130
>
> Paulo Alcantara (2):
> cifs: get rid of unused parameter in reconn_setup_dfs_targets()
> cifs: handle empty list of targets in cifs_reconnect()
>
> fs/cifs/connect.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)

Looks good.

2023-06-12 09:48:59

by Greg Kroah-Hartman

Subject: Re: [PATCH v2 5.4 0/2] Backport few dfs related fixes to cifs

On Thu, Jun 08, 2023 at 05:54:26PM -0300, Paulo Alcantara wrote:
> Rishabh Bhatnagar <[email protected]> writes:
>
> > Recently we have been seeing a kernel panic in the cifs_reconnect function
> > while accessing tgt_list. Looks like tgt_list is not initialized
> > correctly. There are fixes already present in 5.10 and later trees.
> > Backporting them to 5.4.
> >
> > CIFS VFS: \\172.30.1.14 cifs_reconnect: no target servers for DFS
> > failover
> > BUG: unable to handle page fault for address: fffffffffffffff8
> > #PF: supervisor read access in kernel mode
> > #PF: error_code(0x0000) - not-present page
> > PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
> > Oops: 0000 [#1] SMP PTI
> > RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
> > RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
> > RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
> > Call Trace:
> > cifs_handle_standard+0x18d/0x1b0 [cifs]
> > cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
> > kthread+0x113/0x130
> >
> > Paulo Alcantara (2):
> > cifs: get rid of unused parameter in reconn_setup_dfs_targets()
> > cifs: handle empty list of targets in cifs_reconnect()
> >
> > fs/cifs/connect.c | 15 ++++++++-------
> > 1 file changed, 8 insertions(+), 7 deletions(-)
>
> Looks good.

Now queued up, thanks.

greg k-h