Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-10-23 21:50:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
4b0ab51db3
linux/fs/nfs
History
Kinglong Mee 3ec0c97959 nfs/filelayout: Fix NULL reference caused by double freeing of fh_array 
If filelayout_decode_layout fail, _filelayout_free_lseg will causes
a double freeing of fh_array.

[ 1179.279800] BUG: unable to handle kernel NULL pointer dereference at           (null)
[ 1179.280198] IP: [<ffffffffa027222d>] filelayout_free_fh_array.isra.11+0x1d/0x70 [nfs_layout_nfsv41_files]
[ 1179.281010] PGD 0
[ 1179.281443] Oops: 0000 [#1]
[ 1179.281831] Modules linked in: nfs_layout_nfsv41_files(OE) nfsv4(OE) nfs(OE) fscache(E) xfs libcrc32c coretemp nfsd crct10dif_pclmul ppdev crc32_pclmul crc32c_intel auth_rpcgss ghash_clmulni_intel nfs_acl lockd vmw_balloon grace sunrpc parport_pc vmw_vmci parport shpchp i2c_piix4 vmwgfx drm_kms_helper ttm drm serio_raw mptspi scsi_transport_spi mptscsih e1000 mptbase ata_generic pata_acpi [last unloaded: fscache]
[ 1179.283891] CPU: 0 PID: 13336 Comm: cat Tainted: G           OE   4.3.0-rc1-pnfs+ #244
[ 1179.284323] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
[ 1179.285206] task: ffff8800501d48c0 ti: ffff88003e3c4000 task.ti: ffff88003e3c4000
[ 1179.285668] RIP: 0010:[<ffffffffa027222d>]  [<ffffffffa027222d>] filelayout_free_fh_array.isra.11+0x1d/0x70 [nfs_layout_nfsv41_files]
[ 1179.286612] RSP: 0018:ffff88003e3c77f8  EFLAGS: 00010202
[ 1179.287092] RAX: 0000000000000000 RBX: ffff88001fe78900 RCX: 0000000000000000
[ 1179.287731] RDX: ffffea0000f40760 RSI: ffff88001fe789c8 RDI: ffff88001fe789c0
[ 1179.288383] RBP: ffff88003e3c7810 R08: ffffea0000f40760 R09: 0000000000000000
[ 1179.289170] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88001fe789c8
[ 1179.289959] R13: ffff88001fe789c0 R14: ffff88004ec05a80 R15: ffff88004f935b88
[ 1179.290791] FS:  00007f4e66bb5700(0000) GS:ffffffff81c29000(0000) knlGS:0000000000000000
[ 1179.291580] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1179.292209] CR2: 0000000000000000 CR3: 00000000203f8000 CR4: 00000000001406f0
[ 1179.292731] Stack:
[ 1179.293195]  ffff88001fe78900 00000000000000d0 ffff88001fe78178 ffff88003e3c7868
[ 1179.293676]  ffffffffa0272737 0000000000000001 0000000000000001 ffff88001fe78800
[ 1179.294151]  00000000614fffce ffffffff81727671 ffff88001fe78100 ffff88001fe78100
[ 1179.294623] Call Trace:
[ 1179.295092]  [<ffffffffa0272737>] filelayout_alloc_lseg+0xa7/0x2d0 [nfs_layout_nfsv41_files]
[ 1179.295625]  [<ffffffff81727671>] ? out_of_line_wait_on_bit+0x81/0xb0
[ 1179.296133]  [<ffffffffa040407e>] pnfs_layout_process+0xae/0x320 [nfsv4]
[ 1179.296632]  [<ffffffffa03e0a01>] nfs4_proc_layoutget+0x2b1/0x360 [nfsv4]
[ 1179.297134]  [<ffffffffa0402983>] pnfs_update_layout+0x853/0xb30 [nfsv4]
[ 1179.297632]  [<ffffffffa039db24>] ? nfs_get_lock_context+0x74/0x170 [nfs]
[ 1179.298158]  [<ffffffffa0271807>] filelayout_pg_init_read+0x37/0x50 [nfs_layout_nfsv41_files]
[ 1179.298834]  [<ffffffffa03a72d9>] __nfs_pageio_add_request+0x119/0x460 [nfs]
[ 1179.299385]  [<ffffffffa03a6bd7>] ? nfs_create_request.part.9+0x37/0x2e0 [nfs]
[ 1179.299872]  [<ffffffffa03a7cc3>] nfs_pageio_add_request+0xa3/0x1b0 [nfs]
[ 1179.300362]  [<ffffffffa03a8635>] readpage_async_filler+0x85/0x260 [nfs]
[ 1179.300907]  [<ffffffff81180cb1>] read_cache_pages+0x91/0xd0
[ 1179.301391]  [<ffffffffa03a85b0>] ? nfs_read_completion+0x220/0x220 [nfs]
[ 1179.301867]  [<ffffffffa03a8dc8>] nfs_readpages+0x128/0x200 [nfs]
[ 1179.302330]  [<ffffffff81180ef3>] __do_page_cache_readahead+0x203/0x280
[ 1179.302784]  [<ffffffff81180dc8>] ? __do_page_cache_readahead+0xd8/0x280
[ 1179.303413]  [<ffffffff81181116>] ondemand_readahead+0x1a6/0x2f0
[ 1179.303855]  [<ffffffff81181371>] page_cache_sync_readahead+0x31/0x50
[ 1179.304286]  [<ffffffff811750a6>] generic_file_read_iter+0x4a6/0x5c0
[ 1179.304711]  [<ffffffffa03a0316>] ? __nfs_revalidate_mapping+0x1f6/0x240 [nfs]
[ 1179.305132]  [<ffffffffa039ccf2>] nfs_file_read+0x52/0xa0 [nfs]
[ 1179.305540]  [<ffffffff811e343c>] __vfs_read+0xcc/0x100
[ 1179.305936]  [<ffffffff811e3d15>] vfs_read+0x85/0x130
[ 1179.306326]  [<ffffffff811e4a98>] SyS_read+0x58/0xd0
[ 1179.306708]  [<ffffffff8172caaf>] entry_SYSCALL_64_fastpath+0x12/0x76
[ 1179.307094] Code: c4 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 53 8b 07 49 89 f4 85 c0 74 47 48 8b 06 49 89 fd <48> 8b 38 48 85 ff 74 22 31 db eb 0c 48 63 d3 48 8b 3c d0 48 85
[ 1179.308357] RIP  [<ffffffffa027222d>] filelayout_free_fh_array.isra.11+0x1d/0x70 [nfs_layout_nfsv41_files]
[ 1179.309177]  RSP <ffff88003e3c77f8>
[ 1179.309582] CR2: 0000000000000000

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2015-09-17 18:10:28 -04:00
..
blocklayout NFS client updates for Linux 4.3 2015-09-07 14:02:24 -07:00
filelayout nfs/filelayout: Fix NULL reference caused by double freeing of fh_array 2015-09-17 18:10:28 -04:00
flexfilelayout NFSv4.1/flexfiles: Clean up ff_layout_write_done_cb/ff_layout_commit_done_cb 2015-09-02 15:24:54 -07:00
objlayout NFSv4.1/pnfs: Separate out metadata and data consistency for pNFS 2015-03-27 12:39:38 -04:00
cache_lib.c NFS: simplify and clean cache library 2013-02-15 10:43:36 -05:00
cache_lib.h NFS: simplify and clean cache library 2013-02-15 10:43:36 -05:00
callback_proc.c NFSv4: Add a tracepoint for CB_LAYOUTRECALL 2015-08-25 14:40:06 -04:00
callback_xdr.c NFS: Convert use of __constant_htonl to htonl 2015-06-10 18:57:59 -04:00
callback.c NFS client updates for Linux 4.3 2015-09-07 14:02:24 -07:00
callback.h NFS: Add in v4.2 callback operation 2013-06-08 16:20:18 -04:00
client.c NFS: Use RPC functions for matching sockaddrs 2015-08-17 13:29:51 -05:00
delegation.c NFSv4: Respect the server imposed limit on how many changes we may cache 2015-09-07 12:36:17 -04:00
delegation.h NFSv4: Respect the server imposed limit on how many changes we may cache 2015-09-07 12:36:17 -04:00
dir.c NFS: Rename nfs_readdir_free_pagearray() and nfs_readdir_large_page() 2015-08-17 13:29:31 -05:00
direct.c NFS client updates for Linux 4.1 2015-04-26 17:33:59 -07:00
dns_resolve.c NFS: Enabling v4.2 should not recompile nfsd and lockd 2013-11-19 16:20:40 -05:00
dns_resolve.h
file.c NFSv4: Respect the server imposed limit on how many changes we may cache 2015-09-07 12:36:17 -04:00
fscache-index.c NFS: Fabricate fscache server index key correctly 2014-09-25 21:25:18 -04:00
fscache.c nfs: define nfs_inc_fscache_stats and using it as possible 2014-11-24 20:08:47 -05:00
fscache.h NFS: Use i_writecount to control whether to get an fscache cookie in nfs_open() 2013-09-27 18:40:25 +01:00
getroot.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
inode.c Revert "NFS: Make close(2) asynchronous when closing NFS O_DIRECT files" 2015-09-04 16:54:29 -04:00
internal.h NFSv4: Respect the server imposed limit on how many changes we may cache 2015-09-07 12:36:17 -04:00
iostat.h nfs: define nfs_inc_fscache_stats and using it as possible 2014-11-24 20:08:47 -05:00
Kconfig kernel: conditionally support non-root users, groups and capabilities 2015-04-15 16:35:22 -07:00
Makefile NFS: Rename idmap.c to nfs4idmap.c 2015-04-23 15:16:14 -04:00
mount_clnt.c nfs: have nfs_mount fake up a auth_flavs list when the server didn't provide it 2013-06-28 15:51:51 -04:00
namespace.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
netns.h pnfs/blocklayout: serialize GETDEVICEINFO calls 2014-11-12 14:22:52 -05:00
nfs.h
nfs2super.c
nfs2xdr.c nfs: save server READ/WRITE/COMMIT status 2015-02-03 11:06:40 -08:00
nfs3_fs.h nfsv3: introduce nfs3_set_ds_client 2015-02-03 11:06:34 -08:00
nfs3acl.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs3client.c nfs: set hostname when creating nfsv3 ds connection 2015-02-03 11:06:38 -08:00
nfs3proc.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs3super.c nfsv3: introduce nfs3_set_ds_client 2015-02-03 11:06:34 -08:00
nfs3xdr.c xprtrdma: Fix large NFS SYMLINK calls 2015-08-05 16:21:28 -04:00
nfs4_fs.h NFS: Remove nfs41_server_notify_{target|highest}_slotid_update() 2015-08-17 13:32:00 -05:00
nfs4client.c NFS: Use RPC functions for matching sockaddrs 2015-08-17 13:29:51 -05:00
nfs4file.c NFSv4: Respect the server imposed limit on how many changes we may cache 2015-09-07 12:36:17 -04:00
nfs4getroot.c nfs: Remove invalid NFS_ATTR_FATTR_V4_REFERRAL checking in nfs4_get_rootfh 2015-07-01 11:31:22 -04:00
nfs4idmap.c NFS: Combine nfs_idmap_{init|quit}() and nfs_idmap_{init|quit}_keyring() 2015-08-17 13:29:56 -05:00
nfs4idmap.h NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4namespace.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs4proc.c nfs: Remove unneeded checking of the return value from scnprintf 2015-09-01 15:19:40 -07:00
nfs4renewd.c NFSv4.1: Fix an NFSv4.1 state renewal regression 2014-09-30 17:18:42 -04:00
nfs4session.c NFSv4.1: Don't set up a backchannel if the server didn't agree to do so 2015-02-18 12:30:47 -08:00
nfs4session.h NFSv4.1: Clear the old state by our client id before establishing a new lease 2015-03-03 21:52:30 -05:00
nfs4state.c Failing to send a CLOSE if file is opened WRONLY and server reboots on a 4.x mount 2015-09-17 15:48:11 -04:00
nfs4super.c NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4sysctl.c NFS: Move nfs_idmap.h into fs/nfs/ 2015-04-23 15:16:14 -04:00
nfs4trace.c NFSv4.1: Add tracepoints for debugging slot table operations 2013-08-22 08:58:27 -04:00
nfs4trace.h NFSv4: Add a tracepoint for CB_LAYOUTRECALL 2015-08-25 14:40:06 -04:00
nfs4xdr.c NFSv4: Express delegation limit in units of pages 2015-09-07 12:36:13 -04:00
nfs42.h nfs42: remove unused declaration 2015-08-25 20:06:56 -04:00
nfs42proc.c nfs: fix v4.2 SEEK on files over 2 gigs 2015-09-17 15:48:23 -04:00
nfs42xdr.c nfs42: decode_layoutstats does not need res parameter 2015-08-25 20:06:56 -04:00
nfsroot.c NFS: a couple off by ones 2015-01-30 20:43:30 -05:00
nfstrace.c NFSv4: Allow tracing of NFSv4 fsync calls 2015-03-27 12:39:34 -04:00
nfstrace.h NFS: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping 2014-01-27 15:35:56 -05:00
pagelist.c nfs: fix pg_test page count calculation 2015-09-17 15:48:23 -04:00
pnfs_dev.c NFSv4.1: Don't cache deviceids that have no notifications 2015-03-27 12:32:24 -04:00
pnfs_nfs.c NFS41: fix list splice type 2015-08-20 13:43:53 -05:00
pnfs.c NFSv4.1/pNFS: Don't request a minimal read layout beyond the end of file 2015-08-31 02:05:47 -07:00
pnfs.h NFSv4.1/flexfiles: Allow coalescing of new layout segments and existing ones 2015-08-25 19:42:43 -04:00
proc.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
read.c NFS client updates for Linux 4.1 2015-04-26 17:33:59 -07:00
super.c NFS: Error out when register_shrinker fail in register_nfs_fs 2015-08-12 14:42:23 -04:00
symlink.c don't pass nameidata to ->follow_link() 2015-05-10 22:20:15 -04:00
sysctl.c nfs: convert use of typedef ctl_table to struct ctl_table 2014-06-06 16:08:16 -07:00
unlink.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
write.c NFS: Rename nfs_commit_unstable_pages() to nfs_write_inode() 2015-08-17 13:32:32 -05:00