Subject: Re: [PATCH] [38/223] SUNRPC: After calling xprt_release(), we must restart from call_reserve
From: Trond Myklebust
To: Andi Kleen
Cc: gregkh@suse.de, ak@linux.intel.com, linux-kernel@vger.kernel.org, stable@kernel.org
In-Reply-To: <20101212234534.D3DFCB27BF@basil.firstfloor.org>
References: <201012131244.547034648@firstfloor.org> <20101212234534.D3DFCB27BF@basil.firstfloor.org>
Organization: NetApp Inc
Date: Mon, 13 Dec 2010 18:01:34 -0500
Message-ID: <1292281294.13943.2.camel@heimdal.trondhjem.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2010-12-13 at 00:45 +0100, Andi Kleen wrote:
> 2.6.35-longterm review patch. If anyone has any objections, please let me know.

Hi Andi,

This patch isn't strictly needed for kernels 2.6.35.x or older: the Oops
only appears in 2.6.36.

Cheers
  Trond

> ------------------
> From: Trond Myklebust
>
> commit 118df3d17f11733b294ea2cd988d56ee376ef9fd upstream.
>
> Rob Leslie reports seeing the following Oops after his Kerberos session
> expired.
>
> BUG: unable to handle kernel NULL pointer dereference at 00000058
> IP: [] rpcauth_refreshcred+0x11/0x12c [sunrpc]
> *pde = 00000000
> Oops: 0000 [#1]
> last sysfs file: /sys/devices/platform/pc87360.26144/temp3_input
> Modules linked in: autofs4 authenc esp4 xfrm4_mode_transport ipt_LOG ipt_REJECT xt_limit xt_state ipt_REDIRECT xt_owner xt_HL xt_hl xt_tcpudp xt_mark cls_u32 cls_tcindex sch_sfq sch_htb sch_dsmark geodewdt deflate ctr twofish_generic twofish_i586 twofish_common camellia serpent blowfish cast5 cbc xcbc rmd160 sha512_generic sha1_generic hmac crypto_null af_key rpcsec_gss_krb5 nfsd exportfs nfs lockd fscache nfs_acl auth_rpcgss sunrpc ip_gre sit tunnel4 dummy ext3 jbd nf_nat_irc nf_conntrack_irc nf_nat_ftp nf_conntrack_ftp iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_filter ip_tables x_tables pc8736x_gpio nsc_gpio pc87360 hwmon_vid loop aes_i586 aes_generic sha256_generic dm_crypt cs5535_gpio serio_raw cs5535_mfgpt hifn_795x des_generic geode_rng rng_core led_class ext4 mbcache jbd2 crc16 dm_mirror dm_region_hash dm_log dm_snapshot dm_mod sd_mod crc_t10dif ide_pci_generic cs5536 amd74xx ide_core pata_cs5536 ata_generic libata usb_storage via_rhine mii scsi_mod btrfs zlib_deflate crc32c libcrc32c [last unloaded: scsi_wait_scan]
>
> Pid: 12875, comm: sudo Not tainted 2.6.36-net5501 #1 /
> EIP: 0060:[] EFLAGS: 00010292 CPU: 0
> EIP is at rpcauth_refreshcred+0x11/0x12c [sunrpc]
> EAX: 00000000 EBX: defb13a0 ECX: 00000006 EDX: e18683b8
> ESI: defb13a0 EDI: 00000000 EBP: 00000000 ESP: de571d58
> DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> Process sudo (pid: 12875, ti=de570000 task=decd1430 task.ti=de570000)
> Stack:
> e186e008 00000000 defb13a0 0000000d deda6000 e1868f22 e196f12b defb13a0
> <0> defb13d8 00000000 00000000 e186e0aa 00000000 defb13a0 de571dac 00000000
> <0> e186956c de571e34 debea5c0 de571dc8 e186967a 00000000 debea5c0 de571e34
> Call Trace:
> [] ? rpc_wake_up_next+0x114/0x11b [sunrpc]
> [] ? call_decode+0x24a/0x5af [sunrpc]
> [] ? nfs4_xdr_dec_access+0x0/0xa2 [nfs]
> [] ? __rpc_execute+0x62/0x17b [sunrpc]
> [] ? rpc_run_task+0x91/0x97 [sunrpc]
> [] ? rpc_call_sync+0x40/0x5b [sunrpc]
> [] ? nfs4_proc_access+0x10a/0x176 [nfs]
> [] ? nfs_do_access+0x2b1/0x2c0 [nfs]
> [] ? rpcauth_lookupcred+0x62/0x84 [sunrpc]
> [] ? nfs_permission+0xad/0x13b [nfs]
> [] ? exec_permission+0x15/0x4b
> [] ? link_path_walk+0x4f/0x456
> [] ? path_walk+0x4c/0xa8
> [] ? do_path_lookup+0x1f/0x68
> [] ? user_path_at+0x37/0x5f
> [] ? handle_mm_fault+0x229/0x55b
> [] ? sys_faccessat+0x93/0x146
> [] ? sys_access+0xf/0x13
> [] ? syscall_call+0x7/0xb
> Code: 0f 94 c2 84 d2 74 09 8b 44 24 0c e8 6a e9 8b de 83 c4 14 89 d8 5b 5e 5f 5d c3 55 57 56 53 83 ec 1c fc 89 c6 8b 40 10 89 44 24 04 <8b> 58 58 85 db 0f 85 d4 00 00 00 0f b7 46 70 8b 56 20 89 c5 83
> EIP: [] rpcauth_refreshcred+0x11/0x12c [sunrpc] SS:ESP 0068:de571d58
> CR2: 0000000000000058
>
> This appears to be caused by the function rpc_verify_header() first
> calling xprt_release(), then doing a call_refresh. If we release the
> transport slot, we should _always_ jump back to call_reserve before
> calling anything else.
>
> Signed-off-by: Trond Myklebust
> Signed-off-by: Greg Kroah-Hartman
> Signed-off-by: Andi Kleen
>
> ---
> net/sunrpc/clnt.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: linux/net/sunrpc/clnt.c
> ===================================================================
> --- linux.orig/net/sunrpc/clnt.c
> +++ linux/net/sunrpc/clnt.c
> @@ -1593,7 +1593,7 @@ rpc_verify_header(struct rpc_task *task) > rpcauth_invalcred(task); > /* Ensure we obtain a new XID! */ > xprt_release(task); > - task->tk_action = call_refresh; > + task->tk_action = call_reserve; > goto out_retry; > case RPC_AUTH_BADCRED: > case RPC_AUTH_BADVERF: -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@netapp.com www.netapp.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
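
Review bot: the comment above xprt_release(task) in rpc_verify_header() gives only the new-XID reason for releasing, so the rule this one-line change depends on (once the transport slot is released, the next state has to be call_reserve, not call_refresh) is not recorded next to the tk_action assignment. Suggest extending that comment to say the slot is gone and the task must restart from call_reserve, so a later edit to task->tk_action in this case does not bring back the rpcauth_refreshcred() NULL dereference quoted in the commit message. For the 2.6.35-longterm queue, the reply above says the Oops only appears in 2.6.36, which is worth noting in the backport's changelog if the patch is kept.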