Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 27 Oct 2000 18:20:43 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 27 Oct 2000 18:20:34 -0400 Received: from cr918730-a.cambr1.on.wave.home.com ([24.112.108.39]:58355 "EHLO spider.ajlc.waterloo.on.ca") by vger.kernel.org with ESMTP id ; Fri, 27 Oct 2000 18:20:26 -0400 Message-Id: <200010272220.SAA31698@spider.ajlc.waterloo.on.ca> To: neilb@cse.unsw.edu.au cc: linux-kernel@vger.kernel.org Subject: OOPS in nfsd, affects all 2.2 and 2.4 kernels Reply-To: Tony.Lill@ajlc.waterloo.on.ca X-Face: ;-=i^Y0]L/#H Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org This was first reported in 2.2.12, according to Deja. Solaris clients, on rare occaisons, will send some command to a linux server which causes a null resp->fh.fh_dentry to be passed to routines in /usr/src/linux/fs/nfsd/nfsxdr.c. This causes an oops, and then the nfs server subsystem stop functioning. A fix is to check that this is not null before de-referencing it in the following three routines. I looked and this bug is present in the latest 2.2 and 2.4 kernels. Whatever condition causes this is very rare. We had a linux server supporting 100 Solaris and HP-UX boxes running flawlessly for 8 months, then one day something triggered this bug, and it wouldn't go away until I implemented this fix. There were no apparent side effects to doing this, although you may want to print some informative message to try and track down the real culprit. THis patch is against 2.2.16, but the code looks unchanged in 2.4.0. /usr/src/linux/fs/nfsd/nfsxdr.c Wed Nov 26 16:08:38 1997 --- nfsxdr.c Wed Aug 9 19:07:40 2000 *************** *** 364,370 **** nfssvc_encode_attrstat(struct svc_rqst *rqstp, u32 *p, struct nfsd_attrstat *resp) { ! if (!(p = encode_fattr(rqstp, p, resp->fh.fh_dentry->d_inode))) return 0; return xdr_ressize_check(rqstp, p); } --- 364,371 ---- nfssvc_encode_attrstat(struct svc_rqst *rqstp, u32 *p, struct nfsd_attrstat *resp) { ! if ( resp->fh.fh_dentry == NULL || ! !(p = encode_fattr(rqstp, p, resp->fh.fh_dentry->d_inode))) return 0; return xdr_ressize_check(rqstp, p); } *************** *** 373,379 **** nfssvc_encode_diropres(struct svc_rqst *rqstp, u32 *p, struct nfsd_diropres *resp) { ! if (!(p = encode_fh(p, &resp->fh)) || !(p = encode_fattr(rqstp, p, resp->fh.fh_dentry->d_inode))) return 0; return xdr_ressize_check(rqstp, p); --- 374,381 ---- nfssvc_encode_diropres(struct svc_rqst *rqstp, u32 *p, struct nfsd_diropres *resp) { ! if ( resp->fh.fh_dentry == NULL || ! !(p = encode_fh(p, &resp->fh)) || !(p = encode_fattr(rqstp, p, resp->fh.fh_dentry->d_inode))) return 0; return xdr_ressize_check(rqstp, p); *************** *** 392,398 **** nfssvc_encode_readres(struct svc_rqst *rqstp, u32 *p, struct nfsd_readres *resp) { ! if (!(p = encode_fattr(rqstp, p, resp->fh.fh_dentry->d_inode))) return 0; *p++ = htonl(resp->count); p += XDR_QUADLEN(resp->count); --- 394,401 ---- nfssvc_encode_readres(struct svc_rqst *rqstp, u32 *p, struct nfsd_readres *resp) { ! if ( resp->fh.fh_dentry == NULL || ! !(p = encode_fattr(rqstp, p, resp->fh.fh_dentry->d_inode))) return 0; *p++ = htonl(resp->count); p += XDR_QUADLEN(resp->count); -- Tony Lill, Tony.Lill@AJLC.Waterloo.ON.CA President, A. J. Lill Consultants fax/data (519) 650 3571 539 Grand Valley Dr., Cambridge, Ont. N3H 2S2 (519) 241 2461 --------------- http://www.ajlc.waterloo.on.ca/ ---------------- "Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!" - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/