iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Trond Myklebust 0a377cff94 NFS: Fix an Oops in the NFSv4 atomic open code 
Adam Lackorzynski reports:

with 2.6.35.2 I'm getting this reproducible Oops:

[  110.825396] BUG: unable to handle kernel NULL pointer dereference at
(null)
[  110.828638] IP: [<ffffffff811247b7>] encode_attrs+0x1a/0x2a4
[  110.828638] PGD be89f067 PUD bf18f067 PMD 0
[  110.828638] Oops: 0000 [#1] SMP
[  110.828638] last sysfs file: /sys/class/net/lo/operstate
[  110.828638] CPU 2
[  110.828638] Modules linked in: rtc_cmos rtc_core rtc_lib amd64_edac_mod
i2c_amd756 edac_core i2c_core dm_mirror dm_region_hash dm_log dm_snapshot
sg sr_mod usb_storage ohci_hcd mptspi tg3 mptscsih mptbase usbcore nls_base
[last unloaded: scsi_wait_scan]
[  110.828638]
[  110.828638] Pid: 11264, comm: setchecksum Not tainted 2.6.35.2 #1
[  110.828638] RIP: 0010:[<ffffffff811247b7>]  [<ffffffff811247b7>]
encode_attrs+0x1a/0x2a4
[  110.828638] RSP: 0000:ffff88003bf5b878  EFLAGS: 00010296
[  110.828638] RAX: ffff8800bddb48a8 RBX: ffff88003bf5bb18 RCX:
0000000000000000
[  110.828638] RDX: ffff8800be258800 RSI: 0000000000000000 RDI:
ffff88003bf5b9f8
[  110.828638] RBP: 0000000000000000 R08: ffff8800bddb48a8 R09:
0000000000000004
[  110.828638] R10: 0000000000000003 R11: ffff8800be779000 R12:
ffff8800be258800
[  110.828638] R13: ffff88003bf5b9f8 R14: ffff88003bf5bb20 R15:
ffff8800be258800
[  110.828638] FS:  0000000000000000(0000) GS:ffff880041e00000(0063)
knlGS:00000000556bd6b0
[  110.828638] CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
[  110.828638] CR2: 0000000000000000 CR3: 00000000be8ef000 CR4:
00000000000006e0
[  110.828638] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[  110.828638] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
[  110.828638] Process setchecksum (pid: 11264, threadinfo
ffff88003bf5a000, task ffff88003f232210)
[  110.828638] Stack:
[  110.828638]  0000000000000000 ffff8800bfbcf920 0000000000000000
0000000000000ffe
[  110.828638] <0> 0000000000000000 0000000000000000 0000000000000000
0000000000000000
[  110.828638] <0> 0000000000000000 0000000000000000 0000000000000000
0000000000000000
[  110.828638] Call Trace:
[  110.828638]  [<ffffffff81124c1f>] ? nfs4_xdr_enc_setattr+0x90/0xb4
[  110.828638]  [<ffffffff81371161>] ? call_transmit+0x1c3/0x24a
[  110.828638]  [<ffffffff813774d9>] ? __rpc_execute+0x78/0x22a
[  110.828638]  [<ffffffff81371a91>] ? rpc_run_task+0x21/0x2b
[  110.828638]  [<ffffffff81371b7e>] ? rpc_call_sync+0x3d/0x5d
[  110.828638]  [<ffffffff8111e284>] ? _nfs4_do_setattr+0x11b/0x147
[  110.828638]  [<ffffffff81109466>] ? nfs_init_locked+0x0/0x32
[  110.828638]  [<ffffffff810ac521>] ? ifind+0x4e/0x90
[  110.828638]  [<ffffffff8111e2fb>] ? nfs4_do_setattr+0x4b/0x6e
[  110.828638]  [<ffffffff8111e634>] ? nfs4_do_open+0x291/0x3a6
[  110.828638]  [<ffffffff8111ed81>] ? nfs4_open_revalidate+0x63/0x14a
[  110.828638]  [<ffffffff811056c4>] ? nfs_open_revalidate+0xd7/0x161
[  110.828638]  [<ffffffff810a2de4>] ? do_lookup+0x1a4/0x201
[  110.828638]  [<ffffffff810a4733>] ? link_path_walk+0x6a/0x9d5
[  110.828638]  [<ffffffff810a42b6>] ? do_last+0x17b/0x58e
[  110.828638]  [<ffffffff810a5fbe>] ? do_filp_open+0x1bd/0x56e
[  110.828638]  [<ffffffff811cd5e0>] ? _atomic_dec_and_lock+0x30/0x48
[  110.828638]  [<ffffffff810a9b1b>] ? dput+0x37/0x152
[  110.828638]  [<ffffffff810ae063>] ? alloc_fd+0x69/0x10a
[  110.828638]  [<ffffffff81099f39>] ? do_sys_open+0x56/0x100
[  110.828638]  [<ffffffff81027a22>] ? ia32_sysret+0x0/0x5
[  110.828638] Code: 83 f1 01 e8 f5 ca ff ff 48 83 c4 50 5b 5d 41 5c c3 41
57 41 56 41 55 49 89 fd 41 54 49 89 d4 55 48 89 f5 53 48 81 ec 18 01 00 00
<8b> 06 89 c2 83 e2 08 83 fa 01 19 db 83 e3 f8 83 c3 18 a8 01 8d
[  110.828638] RIP  [<ffffffff811247b7>] encode_attrs+0x1a/0x2a4
[  110.828638]  RSP <ffff88003bf5b878>
[  110.828638] CR2: 0000000000000000
[  112.840396] ---[ end trace 95282e83fd77358f ]---

We need to ensure that the O_EXCL flag is turned off if the user doesn't
set O_CREAT.

Cc: stable@kernel.org
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2010-08-18 09:25:42 -04:00
..
9p
9p: fix sparse warnings in new xattr code
2010-08-02 14:28:38 -05:00
adfs
kill spurious reference to vmtruncate
2010-05-27 22:15:42 -04:00
affs
drop unused dentry argument to ->fsync
2010-05-27 22:05:02 -04:00
afs
AFS: Fix the module init error handling
2010-08-07 14:23:37 -07:00
autofs
fs/: do not fallback to default_llseek() when readdir() uses BKL
2010-05-27 09:12:56 -07:00
autofs4
fs/autofs4: use memdup_user
2010-05-27 09:12:41 -07:00
befs
fix typos concerning "initiali[zs]e"
2010-06-16 18:05:05 +02:00
bfs
rename the generic fsync implementations
2010-05-27 22:06:06 -04:00
btrfs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable
2010-07-19 19:33:02 -07:00
cachefiles
fscache: convert operation to use workqueue instead of slow-work
2010-07-22 22:58:47 +02:00
ceph
ceph: use complete_all and wake_up_all
2010-07-27 13:11:17 -07:00
cifs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
2010-08-07 12:54:46 -07:00
coda
drop unused dentry argument to ->fsync
2010-05-27 22:05:02 -04:00
configfs
fix setattr error handling in sysfs, configfs
2010-06-04 17:16:29 -04:00
cramfs
debugfs
Add x64 support to debugfs
2010-05-19 22:41:57 -04:00
devpts
Simplify devpts_get_sb() failure exits
2010-05-21 18:31:12 -04:00
dlm
fs/dlm: Drop unnecessary null test
2010-08-05 14:23:45 -05:00
ecryptfs
Merge branch 'master' into for-next
2010-08-04 15:14:38 +02:00
efs
exofs
drop unused dentry argument to ->fsync
2010-05-27 22:05:02 -04:00
exportfs
ext2
ext2: update ctime when changing the file's permission by setfacl
2010-06-25 01:20:37 +02:00
ext3
ext3: Fix dirtying of journalled buffers in data=journal mode
2010-08-05 21:28:28 +02:00
ext4
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
2010-08-07 13:03:53 -07:00
fat
fat: convert to use the new truncate convention.
2010-05-27 22:16:02 -04:00
freevxfs
Merge branch 'master' into for-next
2010-06-16 18:08:13 +02:00
fscache
fscache: fix build on !CONFIG_SYSCTL
2010-07-24 11:10:09 +02:00
fuse
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2010-08-07 13:18:36 -07:00
gfs2
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2010-08-07 12:57:07 -07:00
hfs
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
hfsplus
hfsplus: Push down BKL into ioctl function
2010-05-17 05:27:03 +02:00
hostfs
drop unused dentry argument to ->fsync
2010-05-27 22:05:02 -04:00
hpfs
drop unused dentry argument to ->fsync
2010-05-27 22:05:02 -04:00
hppfs
drop unused dentry argument to ->fsync
2010-05-27 22:05:02 -04:00
hugetlbfs
rename the generic fsync implementations
2010-05-27 22:06:06 -04:00
isofs
fs/: do not fallback to default_llseek() when readdir() uses BKL
2010-05-27 09:12:56 -07:00
jbd
ext3: Fix set but unused variables
2010-07-21 16:01:47 +02:00
jbd2
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
2010-08-07 13:03:53 -07:00
jffs2
Fix up trivial spelling errors ('taht' -> 'that')
2010-07-21 09:25:42 -07:00
jfs
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2010-05-30 09:11:11 -07:00
lockd
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
logfs
drop unused dentry argument to ->fsync
2010-05-27 22:05:02 -04:00
minix
Minix: Clean up left over label
2010-06-04 17:16:30 -04:00
ncpfs
Fix comment spelling errors in ncpfs/inode.c
2010-06-28 11:56:32 +02:00
nfs
NFS: Fix an Oops in the NFSv4 atomic open code
2010-08-18 09:25:42 -04:00
nfs_common
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
nfsd
NFS: Fix the selection of security flavours in Kconfig
2010-08-17 17:42:45 -04:00
nilfs2
nilfs2: reject filesystem with unsupported block size
2010-07-25 23:29:21 +09:00
nls
notify
Saner locking around deactivate_super()
2010-05-21 18:31:14 -04:00
ntfs
drop unused dentry argument to ->fsync
2010-05-27 22:05:02 -04:00
ocfs2
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
2010-08-07 13:03:53 -07:00
omfs
rename the generic fsync implementations
2010-05-27 22:06:06 -04:00
openpromfs
partitions
Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
2010-08-06 09:23:07 -07:00
proc
oom: deprecate oom_adj tunable
2010-08-09 20:45:02 -07:00
qnx4
rename the generic fsync implementations
2010-05-27 22:06:06 -04:00
quota
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2010-08-07 12:57:07 -07:00
ramfs
fs: convert simple fs to new truncate
2010-05-27 22:15:47 -04:00
reiserfs
Merge branch 'master' into for-next
2010-06-16 18:08:13 +02:00
romfs
fix leak in romfs_fill_super()
2010-01-26 22:22:26 -05:00
smbfs
kill spurious reference to vmtruncate
2010-05-27 22:15:42 -04:00
squashfs
squashfs: fix name reading in squashfs_xattr_get
2010-05-23 08:27:42 +01:00
sysfs
sysfs: sysfs_chmod_file's attr can be const
2010-08-05 13:53:34 -07:00
sysv
sysvfs: fix NULL deref. when allocating new inode
2010-06-29 15:29:32 -07:00
ubifs
Merge branch 'linux-next' of git://git.infradead.org/ubifs-2.6
2010-08-03 14:37:02 -07:00
udf
udf: super.c Fix warning: variable 'sbi' set but not used
2010-08-02 14:57:40 +02:00
ufs
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2010-05-30 09:11:11 -07:00
xfs
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2010-08-07 12:57:07 -07:00
aio.c
aio: fix wrong subsystem comments
2010-08-05 13:21:23 -07:00
anon_inodes.c
Revert "anon_inode: set S_IFREG on the anon_inode"
2010-05-27 22:03:05 -04:00
attr.c
fs: introduce new truncate sequence
2010-05-27 22:15:33 -04:00
bad_inode.c
drop unused dentry argument to ->fsync
2010-05-27 22:05:02 -04:00
binfmt_aout.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
binfmt_elf_fdpic.c
binfmt_elf_fdpic: Fix clear_user() error handling
2010-06-01 08:11:06 -07:00
binfmt_elf.c
coredump: pass mm->flags as a coredump parameter for consistency
2010-03-06 11:26:46 -08:00
binfmt_em86.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
binfmt_flat.c
flat: tweak default stack alignment
2010-06-29 15:29:31 -07:00
binfmt_misc.c
binfmt_script.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
binfmt_som.c
Split 'flush_old_exec' into two functions
2010-01-29 08:22:01 -08:00
bio-integrity.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
bio.c
Merge branch 'master' into for-linus
2010-03-19 08:05:10 +01:00
block_dev.c
block_dev: always serialize exclusive open attempts
2010-08-04 11:17:10 -07:00
buffer.c
fs: introduce new truncate sequence
2010-05-27 22:15:33 -04:00
char_dev.c
Fix init ordering of /dev/console vs callers of modprobe
2010-08-06 09:17:02 -07:00
compat_binfmt_elf.c
elf coredump: replace ELF_CORE_EXTRA_* macros by functions
2010-03-06 11:26:45 -08:00
compat_ioctl.c
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2010-08-04 15:31:02 -07:00
compat.c
vfs: fix warning: 'dirent' is used uninitialized in this function
2010-08-09 20:45:05 -07:00
dcache.c
mm: add context argument to shrinker callback
2010-07-19 14:56:17 +10:00
dcookies.c
direct-io.c
direct-io: move aio_complete into ->end_io
2010-07-27 11:56:06 -04:00
drop_caches.c
new helper: iterate_supers()
2010-05-21 18:31:16 -04:00
eventfd.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
eventpoll.c
sched, wait: Use wrapper functions
2010-05-11 17:43:58 +02:00
exec.c
Merge branch 'bkl/core' of git://git.kernel.org/pub/scm/linux/kernel/git/frederic/random-tracing
2010-08-07 17:06:54 -07:00
fcntl.c
fs/fcntl.c:kill_fasync_rcu() fa_lock must be IRQ-safe
2010-06-29 15:29:32 -07:00
fifo.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
file_table.c
get rid of the magic around f_count in aio
2010-05-27 22:03:07 -04:00
file.c
fs: remove all rcu head initializations, except on_stack initializations
2010-06-14 16:37:26 -07:00
filesystems.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
fs_struct.c
fs-writeback.c
mm: avoid resetting wb_start after each writeback round
2010-08-09 20:45:03 -07:00
generic_acl.c
fs: xattr_handler table should be const
2010-05-21 18:31:18 -04:00
inode.c
mm: add context argument to shrinker callback
2010-07-19 14:56:17 +10:00
internal.h
Bury __put_super_and_need_restart()
2010-05-21 18:31:16 -04:00
ioctl.c
Introduce freeze_super and thaw_super for the fsfreeze ioctl
2010-05-21 18:31:18 -04:00
ioprio.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
Kconfig
fs/Kconfig: Fix typo Userpace -> Userspace
2010-07-20 17:30:22 +02:00
Kconfig.binfmt
libfs.c
wrong type for 'magic' argument in simple_fill_super()
2010-06-04 17:16:28 -04:00
locks.c
Merge branch 'for-next' into for-linus
2010-03-08 16:55:37 +01:00
Makefile
Take statfs variants to fs/statfs.c
2010-05-21 18:31:17 -04:00
mbcache.c
mm: add context argument to shrinker callback
2010-07-19 14:56:17 +10:00
mpage.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
namei.c
security: make LSMs explicitly mask off permissions
2010-08-02 15:35:07 +10:00
namespace.c
Merge branch 'next' into for-linus
2010-05-18 08:57:00 +10:00
nfsctl.c
Switch may_open() and break_lease() to passing O_...
2010-03-03 13:00:21 -05:00
no-block.c
open.c
vfs: re-introduce MAY_CHDIR
2010-08-02 15:35:06 +10:00
pipe.c
pipe: fix check in "set size" fcntl
2010-06-10 19:08:34 +02:00
pnode.c
Kill CL_PROPAGATION, sanitize fs/pnode.c:get_source()
2010-03-03 13:00:22 -05:00
pnode.h
VFS: Clean up shared mount flag propagation
2010-03-03 14:07:55 -05:00
posix_acl.c
read_write.c
vfs: introduce noop_llseek()
2010-05-27 09:12:56 -07:00
read_write.h
readdir.c
vfs: fix warning: 'dirent' is used uninitialized in this function
2010-08-09 20:45:05 -07:00
select.c
Add generic sys_old_select()
2010-03-12 15:52:32 -08:00
seq_file.c
seq_file: fix new kernel-doc warnings
2010-03-07 15:48:26 -08:00
signalfd.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
splice.c
splice: check f_mode for seekable file
2010-06-30 08:12:37 +02:00
stack.c
VFS/fsstack: handle 32-bit smp + preempt + large files in fsstack_copy_inode_size
2009-12-17 10:58:17 -05:00
stat.c
Add unlocked version of inode_add_bytes() function
2009-12-23 13:33:54 +01:00
statfs.c
Take statfs variants to fs/statfs.c
2010-05-21 18:31:17 -04:00
super.c
fs: fix superblock iteration race
2010-06-29 10:38:22 -07:00
sync.c
Merge branch 'master' into for-linus
2010-06-01 12:42:12 +02:00
timerfd.c
fs/timerfd.c: make use of wait_event_interruptible_locked_irq()
2010-05-20 13:21:42 -07:00
utimes.c
xattr_acl.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
xattr.c
fs: xattr_handler table should be const
2010-05-21 18:31:18 -04:00