Chuck Lever 839f7ad693 NFS: Fix "kernel BUG at fs/aio.c:554!" ... Nick Piggin reports: > I'm getting use after frees in aio code in NFS > > [ 2703.396766] Call Trace: > [ 2703.396858] [<ffffffff8100b057>] ? native_sched_clock+0x27/0x80 > [ 2703.396959] [<ffffffff8108509e>] ? put_lock_stats+0xe/0x40 > [ 2703.397058] [<ffffffff81088348>] ? lock_release_holdtime+0xa8/0x140 > [ 2703.397159] [<ffffffff8108a2a5>] lock_acquire+0x95/0x1b0 > [ 2703.397260] [<ffffffff811627db>] ? aio_put_req+0x2b/0x60 > [ 2703.397361] [<ffffffff81039701>] ? get_parent_ip+0x11/0x50 > [ 2703.397464] [<ffffffff81612a31>] _raw_spin_lock_irq+0x41/0x80 > [ 2703.397564] [<ffffffff811627db>] ? aio_put_req+0x2b/0x60 > [ 2703.397662] [<ffffffff811627db>] aio_put_req+0x2b/0x60 > [ 2703.397761] [<ffffffff811647fe>] do_io_submit+0x2be/0x7c0 > [ 2703.397895] [<ffffffff81164d0b>] sys_io_submit+0xb/0x10 > [ 2703.397995] [<ffffffff8100307b>] system_call_fastpath+0x16/0x1b > > Adding some tracing, it is due to nfs completing the request then > returning something other than -EIOCBQUEUED, so aio.c > also completes the request. To address this, prevent the NFS direct I/O engine from completing async iocbs when the forward path returns an error without starting any I/O. This fix appears to survive ^C during both "xfstest no. 208" and "fsx -Z." It's likely this bug has existed for a very long while, as we are seeing very similar symptoms in OEL 5. Copying stable. Cc: Stable <stable@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>		2011-01-25 15:24:47 -05:00
..
cache_lib.c	include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h	2010-03-30 22:02:32 +09:00
cache_lib.h	NFS: Add a dns resolver for use with NFSv4 referrals and migration	2009-08-19 18:22:15 -04:00
callback_proc.c	pnfs: update nfs4_callback_recallany to handle layouts	2011-01-06 14:46:32 -05:00
callback_xdr.c	pnfs: CB_LAYOUTRECALL xdr code	2011-01-06 14:46:32 -05:00
callback.c	NFS rename client back channel transport field	2011-01-06 14:46:25 -05:00
callback.h	pnfs: update nfs4_callback_recallany to handle layouts	2011-01-06 14:46:32 -05:00
client.c	NFS: Move cl_delegations to the nfs_server struct	2011-01-06 14:57:46 -05:00
delegation.c	NFS: Move cl_delegations to the nfs_server struct	2011-01-06 14:57:46 -05:00
delegation.h	NFS: Move cl_delegations to the nfs_server struct	2011-01-06 14:57:46 -05:00
dir.c	NFS: Use d_automount() rather than abusing follow_link()	2011-01-15 20:07:34 -05:00
direct.c	NFS: Fix "kernel BUG at fs/aio.c:554!"	2011-01-25 15:24:47 -05:00
dns_resolve.c	sunrpc: use seconds since boot in expiry cache	2010-09-07 19:21:20 -04:00
dns_resolve.h	NFS: Use kernel DNS resolver [ver #2]	2010-08-11 17:11:28 +00:00
file.c	NFS: Fix fcntl F_GETLK not reporting some conflicts	2010-12-07 19:30:43 -05:00
fscache-index.c	NFS: Add read context retention for FS-Cache to call back with	2009-04-03 16:42:44 +01:00
fscache.c	NFS: Squelch compiler warning	2010-05-14 15:09:31 -04:00
fscache.h	NFS: Propagate 'fsc' mount option through automounts	2009-09-23 14:36:39 -04:00
getroot.c	switch nfs to ->s_d_op	2011-01-12 20:02:45 -05:00
idmap.c	nfs: fix mispelling of idmap CONFIG symbol	2011-01-04 13:10:39 -05:00
inode.c	NFS: Use d_automount() rather than abusing follow_link()	2011-01-15 20:07:34 -05:00
internal.h	NFS: Use d_automount() rather than abusing follow_link()	2011-01-15 20:07:34 -05:00
iostat.h	NFS: Squelch compiler warning in nfs_add_server_stats()	2010-05-14 15:09:31 -04:00
Kconfig	lockd: push lock_flocks down	2010-10-27 21:39:39 +02:00
Makefile	NFSv4.1: pnfs: filelayout: add driver's LAYOUTGET and GETDEVICEINFO infrastructure	2010-10-24 18:07:11 -04:00
mount_clnt.c	NFS: Remove redundant unlikely()	2010-12-21 11:51:23 -05:00
namespace.c	Unexport do_add_mount() and add in follow_automount(), not ->d_automount()	2011-01-15 20:07:48 -05:00
nfs2xdr.c	Merge branch 'bugfixes' into nfs-for-2.6.38	2011-01-10 14:48:02 -05:00
nfs3acl.c	NFS: Reduce stack footprint of nfs3_proc_getacl() and nfs3_proc_setacl()	2010-05-14 15:09:28 -04:00
nfs3proc.c	NFS: readdir with vmapped pages	2010-10-23 15:27:35 -04:00
nfs3xdr.c	Merge branch 'bugfixes' into nfs-for-2.6.38	2011-01-10 14:48:02 -05:00
nfs4_fs.h	NFS: Move cl_state_owners and related fields to the nfs_server struct	2011-01-06 14:47:57 -05:00
nfs4filelayout.c	pnfs: add prefix to struct pnfs_layout_hdr fields	2011-01-06 14:46:31 -05:00
nfs4filelayout.h	NFSv4.1: pnfs: filelayout: add driver's LAYOUTGET and GETDEVICEINFO infrastructure	2010-10-24 18:07:11 -04:00
nfs4filelayoutdev.c	NFS4: Avoid potential NULL pointer dereference in decode_and_add_ds().	2011-01-25 15:24:46 -05:00
nfs4namespace.c	NFSv4: Fix up the documentation for nfs_do_refmount	2010-05-14 15:09:29 -04:00
nfs4proc.c	NFS fix the setting of exchange id flag	2011-01-11 14:17:09 -05:00
nfs4renewd.c	NFS: Move cl_delegations to the nfs_server struct	2011-01-06 14:57:46 -05:00
nfs4state.c	NFS: Move cl_state_owners and related fields to the nfs_server struct	2011-01-06 14:47:57 -05:00
nfs4xdr.c	Merge branch 'bugfixes' into nfs-for-2.6.38	2011-01-10 14:48:02 -05:00
nfsroot.c	NFS: Fix a compile issue in nfs_root	2010-10-26 13:56:42 -04:00
pagelist.c	nfs: Take advantage of kmem_cache_zalloc() in nfs_page_alloc()	2010-12-21 11:51:24 -05:00
pnfs.c	pnfs: layout roc code	2011-01-06 14:46:32 -05:00
pnfs.h	pnfs: layout roc code	2011-01-06 14:46:32 -05:00
proc.c	NFS: Don't leak in nfs_proc_symlink()	2011-01-04 13:10:36 -05:00
read.c	nfs: remove extraneous and problematic calls to nfs_clear_request	2010-12-07 23:02:44 -05:00
super.c	switch nfs to ->s_d_op	2011-01-12 20:02:45 -05:00
symlink.c	include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h	2010-03-30 22:02:32 +09:00
sysctl.c	NFS: new idmapper	2010-10-07 18:48:49 -04:00
unlink.c	Merge branch 'nfs-for-2.6.38' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6	2011-01-11 15:11:56 -08:00
write.c	NFS: fix handling of malloc failure during nfs_flush_multi()	2011-01-19 15:37:49 -05:00