While working on object layout, we have encountered a general protection fault
in xdr_shrink_bufhead when killing a process performing a lot of reads.
we reproduced it on kernel v3.3 as follows:
* mount an object-based pNFS file system. we used exofs as the MDS. assume the
mount point is /mnt/pnfs
* cp -r /bin /mnt/pnfs
* run:
cd /mnt/pnfs
while while true; do
echo 3 > /proc/sys/vm/drop_caches;
rm -rf bin
cp -r bin /tmp &
sleep 1
kill -s int $!
done
* on my setup it crashed after a couple of minutes, your mileage may vary.
The first patch is the actual fix. the other two are cleanups.
Idan Kedar (3):
pnfs: defer release of pages in layoutget
pnfs: nfs4_proc_layoutget returns void
pnfs: use size_t for LAYOUTGET response pages count
fs/nfs/nfs4proc.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++--
fs/nfs/pnfs.c | 39 +---------------------------------
fs/nfs/pnfs.h | 2 +-
3 files changed, 60 insertions(+), 42 deletions(-)
--
1.7.6.5
we have encountered a bug whereby reading a lot of files (copying
fedora's /bin) from a pNFS mount and hitting Ctrl+C in the middle caused
a general protection fault in xdr_shrink_bufhead. this function is
called when decoding the response from LAYOUTGET. the decoding is done
by a worker thread, and the caller of LAYOUTGET waits for the worker
thread to complete.
hitting Ctrl+C caused the synchronous wait to end and the next thing the
caller does is to free the pages, so when the worker thread calls
xdr_shrink_bufhead, the pages are gone. therefore, the cleanup of these
pages has been moved to nfs4_layoutget_release.
Signed-off-by: Idan Kedar <[email protected]>
Signed-off-by: Benny Halevy <[email protected]>
---
fs/nfs/nfs4proc.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
fs/nfs/pnfs.c | 39 +-----------------------------------
fs/nfs/pnfs.h | 2 +-
3 files changed, 58 insertions(+), 40 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 15fc7e4..31a7858 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6164,11 +6164,58 @@ static void nfs4_layoutget_done(struct rpc_task *task, void *calldata)
dprintk("<-- %s\n", __func__);
}
+static u32 max_response_pages(struct nfs_server *server)
+{
+ u32 max_resp_sz = server->nfs_client->cl_session->fc_attrs.max_resp_sz;
+ return nfs_page_array_len(0, max_resp_sz);
+}
+
+static void free_pagevec(struct page **pages, u32 size)
+{
+ int i;
+
+ if (!pages)
+ return;
+
+ for (i = 0; i < size; i++) {
+ if (!pages[i])
+ break;
+ __free_page(pages[i]);
+ }
+ kfree(pages);
+}
+
+static struct page **alloc_pagevec(u32 size, gfp_t gfp_flags)
+{
+ struct page **pages;
+ int i;
+
+ pages = kzalloc(size * sizeof(struct page *), gfp_flags);
+ if (!pages) {
+ dprintk("%s: can't alloc array of %zu pages\n", __func__, size);
+ return NULL;
+ }
+
+ for (i = 0; i < size; i++) {
+ pages[i] = alloc_page(gfp_flags);
+ if (!pages[i]) {
+ dprintk("%s: failed to allocate page\n", __func__);
+ free_pagevec(pages, size);
+ return NULL;
+ }
+ }
+
+ return pages;
+}
+
static void nfs4_layoutget_release(void *calldata)
{
struct nfs4_layoutget *lgp = calldata;
+ struct nfs_server *server = NFS_SERVER(lgp->args.inode);
+ u32 max_pages = max_response_pages(server);
dprintk("--> %s\n", __func__);
+ free_pagevec(lgp->args.layout.pages, max_pages);
put_nfs_open_context(lgp->args.ctx);
kfree(calldata);
dprintk("<-- %s\n", __func__);
@@ -6180,9 +6227,10 @@ static const struct rpc_call_ops nfs4_layoutget_call_ops = {
.rpc_release = nfs4_layoutget_release,
};
-int nfs4_proc_layoutget(struct nfs4_layoutget *lgp)
+int nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags)
{
struct nfs_server *server = NFS_SERVER(lgp->args.inode);
+ u32 max_pages = max_response_pages(server);
struct rpc_task *task;
struct rpc_message msg = {
.rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_LAYOUTGET],
@@ -6200,6 +6248,13 @@ int nfs4_proc_layoutget(struct nfs4_layoutget *lgp)
dprintk("--> %s\n", __func__);
+ lgp->args.layout.pages = alloc_pagevec(max_pages, gfp_flags);
+ if (!lgp->args.layout.pages) {
+ nfs4_layoutget_release(lgp);
+ return -ENOMEM;
+ }
+ lgp->args.layout.pglen = max_pages * PAGE_SIZE;
+
lgp->res.layoutp = &lgp->args.layout;
lgp->res.seq_res.sr_slot = NULL;
nfs41_init_sequence(&lgp->args.seq_args, &lgp->res.seq_res, 0);
diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index bbc49ca..8229a0e 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -583,9 +583,6 @@ send_layoutget(struct pnfs_layout_hdr *lo,
struct nfs_server *server = NFS_SERVER(ino);
struct nfs4_layoutget *lgp;
struct pnfs_layout_segment *lseg = NULL;
- struct page **pages = NULL;
- int i;
- u32 max_resp_sz, max_pages;
dprintk("--> %s\n", __func__);
@@ -594,20 +591,6 @@ send_layoutget(struct pnfs_layout_hdr *lo,
if (lgp == NULL)
return NULL;
- /* allocate pages for xdr post processing */
- max_resp_sz = server->nfs_client->cl_session->fc_attrs.max_resp_sz;
- max_pages = nfs_page_array_len(0, max_resp_sz);
-
- pages = kcalloc(max_pages, sizeof(struct page *), gfp_flags);
- if (!pages)
- goto out_err_free;
-
- for (i = 0; i < max_pages; i++) {
- pages[i] = alloc_page(gfp_flags);
- if (!pages[i])
- goto out_err_free;
- }
-
lgp->args.minlength = PAGE_CACHE_SIZE;
if (lgp->args.minlength > range->length)
lgp->args.minlength = range->length;
@@ -616,39 +599,19 @@ send_layoutget(struct pnfs_layout_hdr *lo,
lgp->args.type = server->pnfs_curr_ld->id;
lgp->args.inode = ino;
lgp->args.ctx = get_nfs_open_context(ctx);
- lgp->args.layout.pages = pages;
- lgp->args.layout.pglen = max_pages * PAGE_SIZE;
lgp->lsegpp = &lseg;
lgp->gfp_flags = gfp_flags;
/* Synchronously retrieve layout information from server and
* store in lseg.
*/
- nfs4_proc_layoutget(lgp);
+ nfs4_proc_layoutget(lgp, gfp_flags);
if (!lseg) {
/* remember that LAYOUTGET failed and suspend trying */
set_bit(lo_fail_bit(range->iomode), &lo->plh_flags);
}
- /* free xdr pages */
- for (i = 0; i < max_pages; i++)
- __free_page(pages[i]);
- kfree(pages);
-
return lseg;
-
-out_err_free:
- /* free any allocated xdr pages, lgp as it's not used */
- if (pages) {
- for (i = 0; i < max_pages; i++) {
- if (!pages[i])
- break;
- __free_page(pages[i]);
- }
- kfree(pages);
- }
- kfree(lgp);
- return NULL;
}
/* Initiates a LAYOUTRETURN(FILE) */
diff --git a/fs/nfs/pnfs.h b/fs/nfs/pnfs.h
index 64f90d8..9a31ff3 100644
--- a/fs/nfs/pnfs.h
+++ b/fs/nfs/pnfs.h
@@ -171,7 +171,7 @@ extern int nfs4_proc_getdevicelist(struct nfs_server *server,
struct pnfs_devicelist *devlist);
extern int nfs4_proc_getdeviceinfo(struct nfs_server *server,
struct pnfs_device *dev);
-extern int nfs4_proc_layoutget(struct nfs4_layoutget *lgp);
+extern int nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags);
extern int nfs4_proc_layoutreturn(struct nfs4_layoutreturn *lrp);
/* pnfs.c */
--
1.7.6.5
T24gTW9uLCAyMDEyLTA3LTIzIGF0IDEzOjA1ICswMzAwLCBJZGFuIEtlZGFyIHdyb3RlOg0KPiB3
ZSBoYXZlIGVuY291bnRlcmVkIGEgYnVnIHdoZXJlYnkgcmVhZGluZyBhIGxvdCBvZiBmaWxlcyAo
Y29weWluZw0KPiBmZWRvcmEncyAvYmluKSBmcm9tIGEgcE5GUyBtb3VudCBhbmQgaGl0dGluZyBD
dHJsK0MgaW4gdGhlIG1pZGRsZSBjYXVzZWQNCj4gYSBnZW5lcmFsIHByb3RlY3Rpb24gZmF1bHQg
aW4geGRyX3Nocmlua19idWZoZWFkLiB0aGlzIGZ1bmN0aW9uIGlzDQo+IGNhbGxlZCB3aGVuIGRl
Y29kaW5nIHRoZSByZXNwb25zZSBmcm9tIExBWU9VVEdFVC4gdGhlIGRlY29kaW5nIGlzIGRvbmUN
Cj4gYnkgYSB3b3JrZXIgdGhyZWFkLCBhbmQgdGhlIGNhbGxlciBvZiBMQVlPVVRHRVQgd2FpdHMg
Zm9yIHRoZSB3b3JrZXINCj4gdGhyZWFkIHRvIGNvbXBsZXRlLg0KPiANCj4gaGl0dGluZyBDdHJs
K0MgY2F1c2VkIHRoZSBzeW5jaHJvbm91cyB3YWl0IHRvIGVuZCBhbmQgdGhlIG5leHQgdGhpbmcg
dGhlDQo+IGNhbGxlciBkb2VzIGlzIHRvIGZyZWUgdGhlIHBhZ2VzLCBzbyB3aGVuIHRoZSB3b3Jr
ZXIgdGhyZWFkIGNhbGxzDQo+IHhkcl9zaHJpbmtfYnVmaGVhZCwgdGhlIHBhZ2VzIGFyZSBnb25l
LiB0aGVyZWZvcmUsIHRoZSBjbGVhbnVwIG9mIHRoZXNlDQo+IHBhZ2VzIGhhcyBiZWVuIG1vdmVk
IHRvIG5mczRfbGF5b3V0Z2V0X3JlbGVhc2UuDQo+IA0KPiBTaWduZWQtb2ZmLWJ5OiBJZGFuIEtl
ZGFyIDxpZGFua0B0b25pYW4uY29tPg0KPiBTaWduZWQtb2ZmLWJ5OiBCZW5ueSBIYWxldnkgPGJo
YWxldnlAdG9uaWFuLmNvbT4NCj4gLS0tDQo+ICBmcy9uZnMvbmZzNHByb2MuYyB8ICAgNTcgKysr
KysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKy0NCj4gIGZz
L25mcy9wbmZzLmMgICAgIHwgICAzOSArLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0NCj4gIGZzL25mcy9wbmZzLmggICAgIHwgICAgMiArLQ0KPiAgMyBmaWxlcyBjaGFuZ2VkLCA1
OCBpbnNlcnRpb25zKCspLCA0MCBkZWxldGlvbnMoLSkNCj4gDQo+IGRpZmYgLS1naXQgYS9mcy9u
ZnMvbmZzNHByb2MuYyBiL2ZzL25mcy9uZnM0cHJvYy5jDQo+IGluZGV4IDE1ZmM3ZTQuLjMxYTc4
NTggMTAwNjQ0DQo+IC0tLSBhL2ZzL25mcy9uZnM0cHJvYy5jDQo+ICsrKyBiL2ZzL25mcy9uZnM0
cHJvYy5jDQo+IEBAIC02MTY0LDExICs2MTY0LDU4IEBAIHN0YXRpYyB2b2lkIG5mczRfbGF5b3V0
Z2V0X2RvbmUoc3RydWN0IHJwY190YXNrICp0YXNrLCB2b2lkICpjYWxsZGF0YSkNCj4gIAlkcHJp
bnRrKCI8LS0gJXNcbiIsIF9fZnVuY19fKTsNCj4gIH0NCj4gIA0KPiArc3RhdGljIHUzMiBtYXhf
cmVzcG9uc2VfcGFnZXMoc3RydWN0IG5mc19zZXJ2ZXIgKnNlcnZlcikNCj4gK3sNCj4gKwl1MzIg
bWF4X3Jlc3Bfc3ogPSBzZXJ2ZXItPm5mc19jbGllbnQtPmNsX3Nlc3Npb24tPmZjX2F0dHJzLm1h
eF9yZXNwX3N6Ow0KPiArCXJldHVybiBuZnNfcGFnZV9hcnJheV9sZW4oMCwgbWF4X3Jlc3Bfc3op
Ow0KPiArfQ0KPiArDQo+ICtzdGF0aWMgdm9pZCBmcmVlX3BhZ2V2ZWMoc3RydWN0IHBhZ2UgKipw
YWdlcywgdTMyIHNpemUpDQoNCldlIGFscmVhZHkgaGF2ZSBhICdzdHJ1Y3QgcGFnZXZlYycgKHNl
ZSBpbmNsdWRlL2xpbnV4L3BhZ2V2ZWMuaCksIHNvIHRoZQ0KYWJvdmUgbmFtZSBpcyBjb25mdXNp
bmcuIEluIGFkZGl0aW9uLCB5b3UgcmVhbGx5IHNob3VsZCB1c2UgYSAnbmZzNF8nDQpwcmVmaXgg
aW4gb3JkZXIgdG8gYmUgY29uc2lzdGVudCB3aXRoIHRoZSBuYW1pbmcgc2NoZW1lIGZvciBmdW5j
dGlvbnMgaW4NCmZzL25mcy9uZnM0cHJvYy5jDQoNCj4gK3sNCj4gKwlpbnQgaTsNCj4gKw0KPiAr
CWlmICghcGFnZXMpDQo+ICsJCXJldHVybjsNCj4gKw0KPiArCWZvciAoaSA9IDA7IGkgPCBzaXpl
OyBpKyspIHsNCj4gKwkJaWYgKCFwYWdlc1tpXSkNCj4gKwkJCWJyZWFrOw0KPiArCQlfX2ZyZWVf
cGFnZShwYWdlc1tpXSk7DQo+ICsJfQ0KPiArCWtmcmVlKHBhZ2VzKTsNCj4gK30NCj4gKw0KPiAr
c3RhdGljIHN0cnVjdCBwYWdlICoqYWxsb2NfcGFnZXZlYyh1MzIgc2l6ZSwgZ2ZwX3QgZ2ZwX2Zs
YWdzKQ0KDQpEaXR0by4gU2VlIGFib3ZlLi4uDQoNCj4gK3sNCj4gKwlzdHJ1Y3QgcGFnZSAqKnBh
Z2VzOw0KPiArCWludCBpOw0KPiArDQo+ICsJcGFnZXMgPSBremFsbG9jKHNpemUgKiBzaXplb2Yo
c3RydWN0IHBhZ2UgKiksIGdmcF9mbGFncyk7DQoNClBsZWFzZSB1c2Uga2NhbGxvYyB3aGVuIGFs
bG9jYXRpbmcgYSB6ZXJvLWluaXRpYWxpc2VkIGFycmF5Lg0KDQo+ICsJaWYgKCFwYWdlcykgew0K
PiArCQlkcHJpbnRrKCIlczogY2FuJ3QgYWxsb2MgYXJyYXkgb2YgJXp1IHBhZ2VzXG4iLCBfX2Z1
bmNfXywgc2l6ZSk7DQo+ICsJCXJldHVybiBOVUxMOw0KPiArCX0NCj4gKw0KPiArCWZvciAoaSA9
IDA7IGkgPCBzaXplOyBpKyspIHsNCj4gKwkJcGFnZXNbaV0gPSBhbGxvY19wYWdlKGdmcF9mbGFn
cyk7DQo+ICsJCWlmICghcGFnZXNbaV0pIHsNCj4gKwkJCWRwcmludGsoIiVzOiBmYWlsZWQgdG8g
YWxsb2NhdGUgcGFnZVxuIiwgX19mdW5jX18pOw0KPiArCQkJZnJlZV9wYWdldmVjKHBhZ2VzLCBz
aXplKTsNCj4gKwkJCXJldHVybiBOVUxMOw0KPiArCQl9DQo+ICsJfQ0KPiArDQo+ICsJcmV0dXJu
IHBhZ2VzOw0KPiArfQ0KPiArDQo+ICBzdGF0aWMgdm9pZCBuZnM0X2xheW91dGdldF9yZWxlYXNl
KHZvaWQgKmNhbGxkYXRhKQ0KPiAgew0KPiAgCXN0cnVjdCBuZnM0X2xheW91dGdldCAqbGdwID0g
Y2FsbGRhdGE7DQo+ICsJc3RydWN0IG5mc19zZXJ2ZXIgKnNlcnZlciA9IE5GU19TRVJWRVIobGdw
LT5hcmdzLmlub2RlKTsNCj4gKwl1MzIgbWF4X3BhZ2VzID0gbWF4X3Jlc3BvbnNlX3BhZ2VzKHNl
cnZlcik7DQo+ICANCj4gIAlkcHJpbnRrKCItLT4gJXNcbiIsIF9fZnVuY19fKTsNCj4gKwlmcmVl
X3BhZ2V2ZWMobGdwLT5hcmdzLmxheW91dC5wYWdlcywgbWF4X3BhZ2VzKTsNCj4gIAlwdXRfbmZz
X29wZW5fY29udGV4dChsZ3AtPmFyZ3MuY3R4KTsNCj4gIAlrZnJlZShjYWxsZGF0YSk7DQo+ICAJ
ZHByaW50aygiPC0tICVzXG4iLCBfX2Z1bmNfXyk7DQo+IEBAIC02MTgwLDkgKzYyMjcsMTAgQEAg
c3RhdGljIGNvbnN0IHN0cnVjdCBycGNfY2FsbF9vcHMgbmZzNF9sYXlvdXRnZXRfY2FsbF9vcHMg
PSB7DQo+ICAJLnJwY19yZWxlYXNlID0gbmZzNF9sYXlvdXRnZXRfcmVsZWFzZSwNCj4gIH07DQo+
ICANCj4gLWludCBuZnM0X3Byb2NfbGF5b3V0Z2V0KHN0cnVjdCBuZnM0X2xheW91dGdldCAqbGdw
KQ0KPiAraW50IG5mczRfcHJvY19sYXlvdXRnZXQoc3RydWN0IG5mczRfbGF5b3V0Z2V0ICpsZ3As
IGdmcF90IGdmcF9mbGFncykNCj4gIHsNCj4gIAlzdHJ1Y3QgbmZzX3NlcnZlciAqc2VydmVyID0g
TkZTX1NFUlZFUihsZ3AtPmFyZ3MuaW5vZGUpOw0KPiArCXUzMiBtYXhfcGFnZXMgPSBtYXhfcmVz
cG9uc2VfcGFnZXMoc2VydmVyKTsNCj4gIAlzdHJ1Y3QgcnBjX3Rhc2sgKnRhc2s7DQo+ICAJc3Ry
dWN0IHJwY19tZXNzYWdlIG1zZyA9IHsNCj4gIAkJLnJwY19wcm9jID0gJm5mczRfcHJvY2VkdXJl
c1tORlNQUk9DNF9DTE5UX0xBWU9VVEdFVF0sDQo+IEBAIC02MjAwLDYgKzYyNDgsMTMgQEAgaW50
IG5mczRfcHJvY19sYXlvdXRnZXQoc3RydWN0IG5mczRfbGF5b3V0Z2V0ICpsZ3ApDQo+ICANCj4g
IAlkcHJpbnRrKCItLT4gJXNcbiIsIF9fZnVuY19fKTsNCj4gIA0KPiArCWxncC0+YXJncy5sYXlv
dXQucGFnZXMgPSBhbGxvY19wYWdldmVjKG1heF9wYWdlcywgZ2ZwX2ZsYWdzKTsNCj4gKwlpZiAo
IWxncC0+YXJncy5sYXlvdXQucGFnZXMpIHsNCj4gKwkJbmZzNF9sYXlvdXRnZXRfcmVsZWFzZShs
Z3ApOw0KPiArCQlyZXR1cm4gLUVOT01FTTsNCj4gKwl9DQo+ICsJbGdwLT5hcmdzLmxheW91dC5w
Z2xlbiA9IG1heF9wYWdlcyAqIFBBR0VfU0laRTsNCj4gKw0KPiAgCWxncC0+cmVzLmxheW91dHAg
PSAmbGdwLT5hcmdzLmxheW91dDsNCj4gIAlsZ3AtPnJlcy5zZXFfcmVzLnNyX3Nsb3QgPSBOVUxM
Ow0KPiAgCW5mczQxX2luaXRfc2VxdWVuY2UoJmxncC0+YXJncy5zZXFfYXJncywgJmxncC0+cmVz
LnNlcV9yZXMsIDApOw0KPiBkaWZmIC0tZ2l0IGEvZnMvbmZzL3BuZnMuYyBiL2ZzL25mcy9wbmZz
LmMNCj4gaW5kZXggYmJjNDljYS4uODIyOWEwZSAxMDA2NDQNCj4gLS0tIGEvZnMvbmZzL3BuZnMu
Yw0KPiArKysgYi9mcy9uZnMvcG5mcy5jDQo+IEBAIC01ODMsOSArNTgzLDYgQEAgc2VuZF9sYXlv
dXRnZXQoc3RydWN0IHBuZnNfbGF5b3V0X2hkciAqbG8sDQo+ICAJc3RydWN0IG5mc19zZXJ2ZXIg
KnNlcnZlciA9IE5GU19TRVJWRVIoaW5vKTsNCj4gIAlzdHJ1Y3QgbmZzNF9sYXlvdXRnZXQgKmxn
cDsNCj4gIAlzdHJ1Y3QgcG5mc19sYXlvdXRfc2VnbWVudCAqbHNlZyA9IE5VTEw7DQo+IC0Jc3Ry
dWN0IHBhZ2UgKipwYWdlcyA9IE5VTEw7DQo+IC0JaW50IGk7DQo+IC0JdTMyIG1heF9yZXNwX3N6
LCBtYXhfcGFnZXM7DQo+ICANCj4gIAlkcHJpbnRrKCItLT4gJXNcbiIsIF9fZnVuY19fKTsNCj4g
IA0KPiBAQCAtNTk0LDIwICs1OTEsNiBAQCBzZW5kX2xheW91dGdldChzdHJ1Y3QgcG5mc19sYXlv
dXRfaGRyICpsbywNCj4gIAlpZiAobGdwID09IE5VTEwpDQo+ICAJCXJldHVybiBOVUxMOw0KPiAg
DQo+IC0JLyogYWxsb2NhdGUgcGFnZXMgZm9yIHhkciBwb3N0IHByb2Nlc3NpbmcgKi8NCj4gLQlt
YXhfcmVzcF9zeiA9IHNlcnZlci0+bmZzX2NsaWVudC0+Y2xfc2Vzc2lvbi0+ZmNfYXR0cnMubWF4
X3Jlc3Bfc3o7DQo+IC0JbWF4X3BhZ2VzID0gbmZzX3BhZ2VfYXJyYXlfbGVuKDAsIG1heF9yZXNw
X3N6KTsNCj4gLQ0KPiAtCXBhZ2VzID0ga2NhbGxvYyhtYXhfcGFnZXMsIHNpemVvZihzdHJ1Y3Qg
cGFnZSAqKSwgZ2ZwX2ZsYWdzKTsNCj4gLQlpZiAoIXBhZ2VzKQ0KPiAtCQlnb3RvIG91dF9lcnJf
ZnJlZTsNCj4gLQ0KPiAtCWZvciAoaSA9IDA7IGkgPCBtYXhfcGFnZXM7IGkrKykgew0KPiAtCQlw
YWdlc1tpXSA9IGFsbG9jX3BhZ2UoZ2ZwX2ZsYWdzKTsNCj4gLQkJaWYgKCFwYWdlc1tpXSkNCj4g
LQkJCWdvdG8gb3V0X2Vycl9mcmVlOw0KPiAtCX0NCj4gLQ0KPiAgCWxncC0+YXJncy5taW5sZW5n
dGggPSBQQUdFX0NBQ0hFX1NJWkU7DQo+ICAJaWYgKGxncC0+YXJncy5taW5sZW5ndGggPiByYW5n
ZS0+bGVuZ3RoKQ0KPiAgCQlsZ3AtPmFyZ3MubWlubGVuZ3RoID0gcmFuZ2UtPmxlbmd0aDsNCj4g
QEAgLTYxNiwzOSArNTk5LDE5IEBAIHNlbmRfbGF5b3V0Z2V0KHN0cnVjdCBwbmZzX2xheW91dF9o
ZHIgKmxvLA0KPiAgCWxncC0+YXJncy50eXBlID0gc2VydmVyLT5wbmZzX2N1cnJfbGQtPmlkOw0K
PiAgCWxncC0+YXJncy5pbm9kZSA9IGlubzsNCj4gIAlsZ3AtPmFyZ3MuY3R4ID0gZ2V0X25mc19v
cGVuX2NvbnRleHQoY3R4KTsNCj4gLQlsZ3AtPmFyZ3MubGF5b3V0LnBhZ2VzID0gcGFnZXM7DQo+
IC0JbGdwLT5hcmdzLmxheW91dC5wZ2xlbiA9IG1heF9wYWdlcyAqIFBBR0VfU0laRTsNCj4gIAls
Z3AtPmxzZWdwcCA9ICZsc2VnOw0KPiAgCWxncC0+Z2ZwX2ZsYWdzID0gZ2ZwX2ZsYWdzOw0KPiAg
DQo+ICAJLyogU3luY2hyb25vdXNseSByZXRyaWV2ZSBsYXlvdXQgaW5mb3JtYXRpb24gZnJvbSBz
ZXJ2ZXIgYW5kDQo+ICAJICogc3RvcmUgaW4gbHNlZy4NCj4gIAkgKi8NCj4gLQluZnM0X3Byb2Nf
bGF5b3V0Z2V0KGxncCk7DQo+ICsJbmZzNF9wcm9jX2xheW91dGdldChsZ3AsIGdmcF9mbGFncyk7
DQo+ICAJaWYgKCFsc2VnKSB7DQo+ICAJCS8qIHJlbWVtYmVyIHRoYXQgTEFZT1VUR0VUIGZhaWxl
ZCBhbmQgc3VzcGVuZCB0cnlpbmcgKi8NCj4gIAkJc2V0X2JpdChsb19mYWlsX2JpdChyYW5nZS0+
aW9tb2RlKSwgJmxvLT5wbGhfZmxhZ3MpOw0KPiAgCX0NCj4gIA0KPiAtCS8qIGZyZWUgeGRyIHBh
Z2VzICovDQo+IC0JZm9yIChpID0gMDsgaSA8IG1heF9wYWdlczsgaSsrKQ0KPiAtCQlfX2ZyZWVf
cGFnZShwYWdlc1tpXSk7DQo+IC0Ja2ZyZWUocGFnZXMpOw0KPiAtDQo+ICAJcmV0dXJuIGxzZWc7
DQo+IC0NCj4gLW91dF9lcnJfZnJlZToNCj4gLQkvKiBmcmVlIGFueSBhbGxvY2F0ZWQgeGRyIHBh
Z2VzLCBsZ3AgYXMgaXQncyBub3QgdXNlZCAqLw0KPiAtCWlmIChwYWdlcykgew0KPiAtCQlmb3Ig
KGkgPSAwOyBpIDwgbWF4X3BhZ2VzOyBpKyspIHsNCj4gLQkJCWlmICghcGFnZXNbaV0pDQo+IC0J
CQkJYnJlYWs7DQo+IC0JCQlfX2ZyZWVfcGFnZShwYWdlc1tpXSk7DQo+IC0JCX0NCj4gLQkJa2Zy
ZWUocGFnZXMpOw0KPiAtCX0NCj4gLQlrZnJlZShsZ3ApOw0KPiAtCXJldHVybiBOVUxMOw0KPiAg
fQ0KPiAgDQo+ICAvKiBJbml0aWF0ZXMgYSBMQVlPVVRSRVRVUk4oRklMRSkgKi8NCj4gZGlmZiAt
LWdpdCBhL2ZzL25mcy9wbmZzLmggYi9mcy9uZnMvcG5mcy5oDQo+IGluZGV4IDY0ZjkwZDguLjlh
MzFmZjMgMTAwNjQ0DQo+IC0tLSBhL2ZzL25mcy9wbmZzLmgNCj4gKysrIGIvZnMvbmZzL3BuZnMu
aA0KPiBAQCAtMTcxLDcgKzE3MSw3IEBAIGV4dGVybiBpbnQgbmZzNF9wcm9jX2dldGRldmljZWxp
c3Qoc3RydWN0IG5mc19zZXJ2ZXIgKnNlcnZlciwNCj4gIAkJCQkgICBzdHJ1Y3QgcG5mc19kZXZp
Y2VsaXN0ICpkZXZsaXN0KTsNCj4gIGV4dGVybiBpbnQgbmZzNF9wcm9jX2dldGRldmljZWluZm8o
c3RydWN0IG5mc19zZXJ2ZXIgKnNlcnZlciwNCj4gIAkJCQkgICBzdHJ1Y3QgcG5mc19kZXZpY2Ug
KmRldik7DQo+IC1leHRlcm4gaW50IG5mczRfcHJvY19sYXlvdXRnZXQoc3RydWN0IG5mczRfbGF5
b3V0Z2V0ICpsZ3ApOw0KPiArZXh0ZXJuIGludCBuZnM0X3Byb2NfbGF5b3V0Z2V0KHN0cnVjdCBu
ZnM0X2xheW91dGdldCAqbGdwLCBnZnBfdCBnZnBfZmxhZ3MpOw0KPiAgZXh0ZXJuIGludCBuZnM0
X3Byb2NfbGF5b3V0cmV0dXJuKHN0cnVjdCBuZnM0X2xheW91dHJldHVybiAqbHJwKTsNCj4gIA0K
PiAgLyogcG5mcy5jICovDQoNCg==
On Mon, Jul 23, 2012 at 1:05 PM, Idan Kedar <[email protected]> wrote:
> While working on object layout, we have encountered a general protection fault
> in xdr_shrink_bufhead when killing a process performing a lot of reads.
>
full trace:
[ 139.546742] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 139.547044] CPU 0
[ 139.547044] Modules linked in: objlayoutdriver1 exofs libore osd
libosd netconsole nfs nfsd lockd fscache nfs_acl auth_rpcgss sunrpc
iscsi_tcp e1000 serio_raw rtc_cmos [last unloaded: libosd]
[ 139.547044]
[ 139.547044] Pid: 4, comm: kworker/0:0 Not tainted 3.3.0-nfsobj+ #15
innotek GmbH VirtualBox
[ 139.547044] RIP: 0010:[<ffffffff812bed7b>] [<ffffffff812bed7b>]
memcpy+0xb/0x120
[ 139.547044] RSP: 0018:ffff88003dd33a98 EFLAGS: 00010202
[ 139.547044] RAX: ffff88002f69b3d4 RBX: ffff88002f69b3d4 RCX: 000000000000000d
[ 139.547044] RDX: 0000000000000004 RSI: dadfe2dadadad004 RDI: ffff88002f69b3d4
[ 139.547044] RBP: ffff88003dd33ae0 R08: 0000000000000000 R09: 0000000000000000
[ 139.547044] R10: 0000000000000000 R11: 0000000000000001 R12: 000000000000006c
[ 139.547044] R13: 0000000000000004 R14: 000000000000006c R15: ffff88003dd32000
[ 139.547044] FS: 0000000000000000(0000) GS:ffff88003e200000(0000)
knlGS:0000000000000000
[ 139.547044] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 139.547044] CR2: 00000000019bd028 CR3: 000000003540d000 CR4: 00000000000006f0
[ 139.547044] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 139.547044] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 139.547044] Process kworker/0:0 (pid: 4, threadinfo
ffff88003dd32000, task ffff88003dd38000)
[ 139.547044] Stack:
[ 139.547044] ffffffffa0048a87 ffff88003dd33fd8 ffff88002f53e518
ffff88003dd33bb8
[ 139.547044] ffff88003b2c4d68 0000000000000ffc 0000000000021000
0000000000021000
[ 139.547044] 0000000000000001 ffff88003dd33b50 ffffffffa00493bf
ffff88003dd33b80
[ 139.547044] Call Trace:
[ 139.547044] [<ffffffffa0048a87>] ? _copy_from_pages+0xa7/0xe0 [sunrpc]
[ 139.547044] [<ffffffffa00493bf>] xdr_shrink_bufhead+0x7f/0x260 [sunrpc]
[ 139.547044] [<ffffffffa01bc1b0>] ?
nfs4_xdr_dec_getdeviceinfo+0x1d0/0x1d0 [nfs]
[ 139.547044] [<ffffffffa00495f2>] xdr_read_pages+0x42/0x150 [sunrpc]
[ 139.547044] [<ffffffffa01bc338>] nfs4_xdr_dec_layoutget+0x188/0x230 [nfs]
[ 139.547044] [<ffffffffa01bc1b0>] ?
nfs4_xdr_dec_getdeviceinfo+0x1d0/0x1d0 [nfs]
[ 139.547044] [<ffffffffa003f1ed>] rpcauth_unwrap_resp+0x9d/0xd0 [sunrpc]
[ 139.547044] [<ffffffffa01bc1b0>] ?
nfs4_xdr_dec_getdeviceinfo+0x1d0/0x1d0 [nfs]
[ 139.547044] [<ffffffffa0033cc9>] call_decode+0x1c9/0x860 [sunrpc]
[ 139.547044] [<ffffffff8107b8cc>] ? process_one_work+0x13c/0x530
[ 139.547044] [<ffffffffa003d900>] ? __rpc_execute+0x2b0/0x2b0 [sunrpc]
[ 139.547044] [<ffffffffa003d6b6>] __rpc_execute+0x66/0x2b0 [sunrpc]
[ 139.547044] [<ffffffffa003d900>] ? __rpc_execute+0x2b0/0x2b0 [sunrpc]
[ 139.547044] [<ffffffffa003d915>] rpc_async_schedule+0x15/0x20 [sunrpc]
[ 139.547044] [<ffffffff8107b92f>] process_one_work+0x19f/0x530
[ 139.547044] [<ffffffff8107b8cc>] ? process_one_work+0x13c/0x530
[ 139.547044] [<ffffffff8107d449>] worker_thread+0x159/0x340
[ 139.547044] [<ffffffff8107d2f0>] ? manage_workers+0x230/0x230
[ 139.547044] [<ffffffff810825c7>] kthread+0xb7/0xc0
[ 139.547044] [<ffffffff810b22a5>] ? trace_hardirqs_on_caller+0x105/0x190
[ 139.547044] [<ffffffff816ed334>] kernel_thread_helper+0x4/0x10
[ 139.547044] [<ffffffff816eb6b4>] ? retint_restore_args+0x13/0x13
[ 139.547044] [<ffffffff81082510>] ? __init_kthread_worker+0x70/0x70
[ 139.547044] [<ffffffff816ed330>] ? gs_change+0x13/0x13
[ 139.547044] Code: 58 48 2b 43 50 88 43 4e 48 83 c4 08 5b 5d c3 90
e8 8b fb ff ff eb e6 90 90 90 90 90 90 90 90 90 48 89 f8 89 d1 c1 e9
03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 c3 20 48 83 ea 20 4c 8b 06 4c 8b 4e
08 4c
[ 139.547044] RIP [<ffffffff812bed7b>] memcpy+0xb/0x120
[ 139.547044] RSP <ffff88003dd33a98>
> we reproduced it on kernel v3.3 as follows:
> * mount an object-based pNFS file system. we used exofs as the MDS. assume the
> mount point is /mnt/pnfs
> * cp -r /bin /mnt/pnfs
> * run:
> cd /mnt/pnfs
> while while true; do
> echo 3 > /proc/sys/vm/drop_caches;
> rm -rf bin
> cp -r bin /tmp &
> sleep 1
> kill -s int $!
> done
oops, silly me... here's the correct one
cp -r /bin /mnt/pnfs
cd /mnt/pnfs
while true; do
rm -rf bin2
echo 3 > /proc/sys/vm/drop_caches
cp -r bin bin2 &
sleep 1
kill -s int $!
done
> * on my setup it crashed after a couple of minutes, your mileage may vary.
>
...and sometimes within a couple of seconds.
> The first patch is the actual fix. the other two are cleanups.
>
> Idan Kedar (3):
> pnfs: defer release of pages in layoutget
> pnfs: nfs4_proc_layoutget returns void
> pnfs: use size_t for LAYOUTGET response pages count
>
> fs/nfs/nfs4proc.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++--
> fs/nfs/pnfs.c | 39 +---------------------------------
> fs/nfs/pnfs.h | 2 +-
> 3 files changed, 60 insertions(+), 42 deletions(-)
>
> --
> 1.7.6.5
>
--
idank
Signed-off-by: Idan Kedar <[email protected]>
Signed-off-by: Benny Halevy <[email protected]>
---
fs/nfs/nfs4proc.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 3db9ce7..056c3f0 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6164,13 +6164,13 @@ static void nfs4_layoutget_done(struct rpc_task *task, void *calldata)
dprintk("<-- %s\n", __func__);
}
-static u32 max_response_pages(struct nfs_server *server)
+static size_t max_response_pages(struct nfs_server *server)
{
u32 max_resp_sz = server->nfs_client->cl_session->fc_attrs.max_resp_sz;
return nfs_page_array_len(0, max_resp_sz);
}
-static void free_pagevec(struct page **pages, u32 size)
+static void free_pagevec(struct page **pages, size_t size)
{
int i;
@@ -6185,7 +6185,7 @@ static void free_pagevec(struct page **pages, u32 size)
kfree(pages);
}
-static struct page **alloc_pagevec(u32 size, gfp_t gfp_flags)
+static struct page **alloc_pagevec(size_t size, gfp_t gfp_flags)
{
struct page **pages;
int i;
@@ -6212,7 +6212,7 @@ static void nfs4_layoutget_release(void *calldata)
{
struct nfs4_layoutget *lgp = calldata;
struct nfs_server *server = NFS_SERVER(lgp->args.inode);
- u32 max_pages = max_response_pages(server);
+ size_t max_pages = max_response_pages(server);
dprintk("--> %s\n", __func__);
free_pagevec(lgp->args.layout.pages, max_pages);
@@ -6230,7 +6230,7 @@ static const struct rpc_call_ops nfs4_layoutget_call_ops = {
void nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags)
{
struct nfs_server *server = NFS_SERVER(lgp->args.inode);
- u32 max_pages = max_response_pages(server);
+ size_t max_pages = max_response_pages(server);
struct rpc_task *task;
struct rpc_message msg = {
.rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_LAYOUTGET],
--
1.7.6.5
since the only user of nfs4_proc_layoutget is send_layoutget, which
ignores its return value, there is no reason to return any value.
Signed-off-by: Idan Kedar <[email protected]>
Signed-off-by: Benny Halevy <[email protected]>
---
fs/nfs/nfs4proc.c | 8 ++++----
fs/nfs/pnfs.h | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 31a7858..3db9ce7 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6227,7 +6227,7 @@ static const struct rpc_call_ops nfs4_layoutget_call_ops = {
.rpc_release = nfs4_layoutget_release,
};
-int nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags)
+void nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags)
{
struct nfs_server *server = NFS_SERVER(lgp->args.inode);
u32 max_pages = max_response_pages(server);
@@ -6251,7 +6251,7 @@ int nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags)
lgp->args.layout.pages = alloc_pagevec(max_pages, gfp_flags);
if (!lgp->args.layout.pages) {
nfs4_layoutget_release(lgp);
- return -ENOMEM;
+ return;
}
lgp->args.layout.pglen = max_pages * PAGE_SIZE;
@@ -6260,7 +6260,7 @@ int nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags)
nfs41_init_sequence(&lgp->args.seq_args, &lgp->res.seq_res, 0);
task = rpc_run_task(&task_setup_data);
if (IS_ERR(task))
- return PTR_ERR(task);
+ return;
status = nfs4_wait_for_completion_rpc_task(task);
if (status == 0)
status = task->tk_status;
@@ -6268,7 +6268,7 @@ int nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags)
status = pnfs_layout_process(lgp);
rpc_put_task(task);
dprintk("<-- %s status=%d\n", __func__, status);
- return status;
+ return;
}
static void
diff --git a/fs/nfs/pnfs.h b/fs/nfs/pnfs.h
index 9a31ff3..eda42b9 100644
--- a/fs/nfs/pnfs.h
+++ b/fs/nfs/pnfs.h
@@ -171,7 +171,7 @@ extern int nfs4_proc_getdevicelist(struct nfs_server *server,
struct pnfs_devicelist *devlist);
extern int nfs4_proc_getdeviceinfo(struct nfs_server *server,
struct pnfs_device *dev);
-extern int nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags);
+extern void nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags);
extern int nfs4_proc_layoutreturn(struct nfs4_layoutreturn *lrp);
/* pnfs.c */
--
1.7.6.5
T24gTW9uLCAyMDEyLTA3LTIzIGF0IDEzOjA1ICswMzAwLCBJZGFuIEtlZGFyIHdyb3RlOg0KPiBT
aWduZWQtb2ZmLWJ5OiBJZGFuIEtlZGFyIDxpZGFua0B0b25pYW4uY29tPg0KPiBTaWduZWQtb2Zm
LWJ5OiBCZW5ueSBIYWxldnkgPGJoYWxldnlAdG9uaWFuLmNvbT4NCj4gLS0tDQo+ICBmcy9uZnMv
bmZzNHByb2MuYyB8ICAgMTAgKysrKystLS0tLQ0KPiAgMSBmaWxlcyBjaGFuZ2VkLCA1IGluc2Vy
dGlvbnMoKyksIDUgZGVsZXRpb25zKC0pDQo+IA0KPiBkaWZmIC0tZ2l0IGEvZnMvbmZzL25mczRw
cm9jLmMgYi9mcy9uZnMvbmZzNHByb2MuYw0KPiBpbmRleCAzZGI5Y2U3Li4wNTZjM2YwIDEwMDY0
NA0KPiAtLS0gYS9mcy9uZnMvbmZzNHByb2MuYw0KPiArKysgYi9mcy9uZnMvbmZzNHByb2MuYw0K
PiBAQCAtNjE2NCwxMyArNjE2NCwxMyBAQCBzdGF0aWMgdm9pZCBuZnM0X2xheW91dGdldF9kb25l
KHN0cnVjdCBycGNfdGFzayAqdGFzaywgdm9pZCAqY2FsbGRhdGEpDQo+ICAJZHByaW50aygiPC0t
ICVzXG4iLCBfX2Z1bmNfXyk7DQo+ICB9DQo+ICANCj4gLXN0YXRpYyB1MzIgbWF4X3Jlc3BvbnNl
X3BhZ2VzKHN0cnVjdCBuZnNfc2VydmVyICpzZXJ2ZXIpDQo+ICtzdGF0aWMgc2l6ZV90IG1heF9y
ZXNwb25zZV9wYWdlcyhzdHJ1Y3QgbmZzX3NlcnZlciAqc2VydmVyKQ0KPiAgew0KPiAgCXUzMiBt
YXhfcmVzcF9zeiA9IHNlcnZlci0+bmZzX2NsaWVudC0+Y2xfc2Vzc2lvbi0+ZmNfYXR0cnMubWF4
X3Jlc3Bfc3o7DQo+ICAJcmV0dXJuIG5mc19wYWdlX2FycmF5X2xlbigwLCBtYXhfcmVzcF9zeik7
DQo+ICB9DQo+ICANCj4gLXN0YXRpYyB2b2lkIGZyZWVfcGFnZXZlYyhzdHJ1Y3QgcGFnZSAqKnBh
Z2VzLCB1MzIgc2l6ZSkNCj4gK3N0YXRpYyB2b2lkIGZyZWVfcGFnZXZlYyhzdHJ1Y3QgcGFnZSAq
KnBhZ2VzLCBzaXplX3Qgc2l6ZSkNCj4gIHsNCj4gIAlpbnQgaTsNCj4gIA0KPiBAQCAtNjE4NSw3
ICs2MTg1LDcgQEAgc3RhdGljIHZvaWQgZnJlZV9wYWdldmVjKHN0cnVjdCBwYWdlICoqcGFnZXMs
IHUzMiBzaXplKQ0KPiAgCWtmcmVlKHBhZ2VzKTsNCj4gIH0NCj4gIA0KPiAtc3RhdGljIHN0cnVj
dCBwYWdlICoqYWxsb2NfcGFnZXZlYyh1MzIgc2l6ZSwgZ2ZwX3QgZ2ZwX2ZsYWdzKQ0KPiArc3Rh
dGljIHN0cnVjdCBwYWdlICoqYWxsb2NfcGFnZXZlYyhzaXplX3Qgc2l6ZSwgZ2ZwX3QgZ2ZwX2Zs
YWdzKQ0KPiAgew0KPiAgCXN0cnVjdCBwYWdlICoqcGFnZXM7DQo+ICAJaW50IGk7DQo+IEBAIC02
MjEyLDcgKzYyMTIsNyBAQCBzdGF0aWMgdm9pZCBuZnM0X2xheW91dGdldF9yZWxlYXNlKHZvaWQg
KmNhbGxkYXRhKQ0KPiAgew0KPiAgCXN0cnVjdCBuZnM0X2xheW91dGdldCAqbGdwID0gY2FsbGRh
dGE7DQo+ICAJc3RydWN0IG5mc19zZXJ2ZXIgKnNlcnZlciA9IE5GU19TRVJWRVIobGdwLT5hcmdz
Lmlub2RlKTsNCj4gLQl1MzIgbWF4X3BhZ2VzID0gbWF4X3Jlc3BvbnNlX3BhZ2VzKHNlcnZlcik7
DQo+ICsJc2l6ZV90IG1heF9wYWdlcyA9IG1heF9yZXNwb25zZV9wYWdlcyhzZXJ2ZXIpOw0KPiAg
DQo+ICAJZHByaW50aygiLS0+ICVzXG4iLCBfX2Z1bmNfXyk7DQo+ICAJZnJlZV9wYWdldmVjKGxn
cC0+YXJncy5sYXlvdXQucGFnZXMsIG1heF9wYWdlcyk7DQo+IEBAIC02MjMwLDcgKzYyMzAsNyBA
QCBzdGF0aWMgY29uc3Qgc3RydWN0IHJwY19jYWxsX29wcyBuZnM0X2xheW91dGdldF9jYWxsX29w
cyA9IHsNCj4gIHZvaWQgbmZzNF9wcm9jX2xheW91dGdldChzdHJ1Y3QgbmZzNF9sYXlvdXRnZXQg
KmxncCwgZ2ZwX3QgZ2ZwX2ZsYWdzKQ0KPiAgew0KPiAgCXN0cnVjdCBuZnNfc2VydmVyICpzZXJ2
ZXIgPSBORlNfU0VSVkVSKGxncC0+YXJncy5pbm9kZSk7DQo+IC0JdTMyIG1heF9wYWdlcyA9IG1h
eF9yZXNwb25zZV9wYWdlcyhzZXJ2ZXIpOw0KPiArCXNpemVfdCBtYXhfcGFnZXMgPSBtYXhfcmVz
cG9uc2VfcGFnZXMoc2VydmVyKTsNCj4gIAlzdHJ1Y3QgcnBjX3Rhc2sgKnRhc2s7DQo+ICAJc3Ry
dWN0IHJwY19tZXNzYWdlIG1zZyA9IHsNCj4gIAkJLnJwY19wcm9jID0gJm5mczRfcHJvY2VkdXJl
c1tORlNQUk9DNF9DTE5UX0xBWU9VVEdFVF0sDQoNClRoZXJlIGlzIG5vIHJlYXNvbiB3aHkgeW91
IGNhbid0IGZvbGQgdGhpcyBwYXRjaCBpbnRvIDEvMy4NCg0KLS0gDQpUcm9uZCBNeWtsZWJ1c3QN
CkxpbnV4IE5GUyBjbGllbnQgbWFpbnRhaW5lcg0KDQpOZXRBcHANClRyb25kLk15a2xlYnVzdEBu
ZXRhcHAuY29tDQp3d3cubmV0YXBwLmNvbQ0KDQo=