linux/fs/nfs
Olga Kornievskaia c2985d001d Fixing oops in callback path
Commit 80f9642724 ("NFSv4.x: Enforce the ca_maxreponsesize_cached
on the back channel") causes an oops when it receives a callback with
cachethis=yes.

[  109.667378] BUG: unable to handle kernel NULL pointer dereference at 00000000000002c8
[  109.669476] IP: [<ffffffffa08a3e68>] nfs4_callback_compound+0x4f8/0x690 [nfsv4]
[  109.671216] PGD 0
[  109.671736] Oops: 0000 [#1] SMP
[  109.705427] CPU: 1 PID: 3579 Comm: nfsv4.1-svc Not tainted 4.5.0-rc1+ #1
[  109.706987] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
[  109.709468] task: ffff8800b4408000 ti: ffff88008448c000 task.ti: ffff88008448c000
[  109.711207] RIP: 0010:[<ffffffffa08a3e68>]  [<ffffffffa08a3e68>] nfs4_callback_compound+0x4f8/0x690 [nfsv4]
[  109.713521] RSP: 0018:ffff88008448fca0  EFLAGS: 00010286
[  109.714762] RAX: ffff880081ee202c RBX: ffff8800b7b5b600 RCX: 0000000000000001
[  109.716427] RDX: 0000000000000008 RSI: 0000000000000008 RDI: 0000000000000000
[  109.718091] RBP: ffff88008448fda8 R08: 0000000000000000 R09: 000000000b000000
[  109.719757] R10: ffff880137786000 R11: ffff8800b7b5b600 R12: 0000000001000000
[  109.721415] R13: 0000000000000002 R14: 0000000053270000 R15: 000000000000000b
[  109.723061] FS:  0000000000000000(0000) GS:ffff880139640000(0000) knlGS:0000000000000000
[  109.724931] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  109.726278] CR2: 00000000000002c8 CR3: 0000000034d50000 CR4: 00000000001406e0
[  109.727972] Stack:
[  109.728465]  ffff880081ee202c ffff880081ee201c 000000008448fcc0 ffff8800baccb800
[  109.730349]  ffff8800baccc800 ffffffffa08d0380 0000000000000000 0000000000000000
[  109.732211]  ffff8800b7b5b600 0000000000000001 ffffffff81d073c0 ffff880081ee3090
[  109.734056] Call Trace:
[  109.734657]  [<ffffffffa03795d4>] svc_process_common+0x5c4/0x6c0 [sunrpc]
[  109.736267]  [<ffffffffa0379a4c>] bc_svc_process+0x1fc/0x360 [sunrpc]
[  109.737775]  [<ffffffffa08a2c2c>] nfs41_callback_svc+0x10c/0x1d0 [nfsv4]
[  109.739335]  [<ffffffff810cb380>] ? prepare_to_wait_event+0xf0/0xf0
[  109.740799]  [<ffffffffa08a2b20>] ? nfs4_callback_svc+0x50/0x50 [nfsv4]
[  109.742349]  [<ffffffff810a6998>] kthread+0xd8/0xf0
[  109.743495]  [<ffffffff810a68c0>] ? kthread_park+0x60/0x60
[  109.744776]  [<ffffffff816abc4f>] ret_from_fork+0x3f/0x70
[  109.746037]  [<ffffffff810a68c0>] ? kthread_park+0x60/0x60
[  109.747324] Code: cc 45 31 f6 48 8b 85 00 ff ff ff 44 89 30 48 8b 85 f8 fe ff ff 44 89 20 48 8b 9d 38 ff ff ff 48 8b bd 30 ff ff ff 48 85 db 74 4c <4c> 8b af c8 02 00 00 4d 8d a5 08 02 00 00 49 81 c5 98 02 00 00
[  109.754361] RIP  [<ffffffffa08a3e68>] nfs4_callback_compound+0x4f8/0x690 [nfsv4]
[  109.756123]  RSP <ffff88008448fca0>
[  109.756951] CR2: 00000000000002c8
[  109.757738] ---[ end trace 2b8555511ab5dfb4 ]---
[  109.758819] Kernel panic - not syncing: Fatal exception
[  109.760126] Kernel Offset: disabled
[  118.938934] ---[ end Kernel panic - not syncing: Fatal exception

It doesn't unlock the table nor does it set the cps->clp pointer which
is later needed by nfs4_cb_free_slot().

Fixes: 80f9642724 ("NFSv4.x: Enforce the ca_maxresponsesize_cached ...")
CC: stable@vger.kernel.org
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2016-05-17 15:45:00 -04:00
blocklayout mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
filelayout NFS: Save struct inode * inside nfs_commit_info to clarify usage of i_lock 2016-05-09 09:05:40 -04:00
flexfilelayout nfs: have flexfiles mirror keep creds for both ro and rw layouts 2016-05-09 09:05:40 -04:00
objlayout mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
cache_lib.c
cache_lib.h
callback_proc.c Fixing oops in callback path 2016-05-17 15:45:00 -04:00
callback_xdr.c NFSv4.x: Allow multiple callbacks in flight 2016-01-25 09:36:21 -05:00
callback.c NFS: Enable client side NFSv4.1 backchannel to use other transports 2015-11-02 16:29:13 -05:00
callback.h NFSv4.x: Allow multiple callbacks in flight 2016-01-25 09:36:21 -05:00
client.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
delegation.c NFSv4: Don't use synchronous delegation recall in exception handling 2015-10-08 10:45:53 -04:00
delegation.h NFSv4: Recovery of recalled read delegations is broken 2015-09-20 22:34:16 -04:00
dir.c These changes contains a fix for overlayfs interacting with some 2016-04-07 17:22:20 -07:00
direct.c NFS: Save struct inode * inside nfs_commit_info to clarify usage of i_lock 2016-05-09 09:05:40 -04:00
dns_resolve.c
dns_resolve.h
file.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
fscache-index.c
fscache.c
fscache.h
getroot.c
inode.c These changes contains a fix for overlayfs interacting with some 2016-04-07 17:22:20 -07:00
internal.h mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
iostat.h
Kconfig
Makefile
mount_clnt.c NFS: Remove unneeded NFS_DEBUG checking before define NFSDBG_FACILITY 2015-10-21 15:49:23 -05:00
namespace.c
netns.h
nfs2super.c
nfs2xdr.c
nfs3_fs.h
nfs3acl.c posix acls: Remove duplicate xattr name definitions 2015-12-06 21:25:17 -05:00
nfs3client.c
nfs3proc.c
nfs3super.c
nfs3xdr.c xprtrdma: Fix large NFS SYMLINK calls 2015-08-05 16:21:28 -04:00
nfs4_fs.h NFSv4: Refactor NFSv4 error handling 2015-10-08 10:45:51 -04:00
nfs4client.c nfs4: start callback_ident at idr 1 2015-11-23 21:59:42 -05:00
nfs4file.c These changes contains a fix for overlayfs interacting with some 2016-04-07 17:22:20 -07:00
nfs4getroot.c
nfs4idmap.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
nfs4idmap.h
nfs4namespace.c
nfs4proc.c NFS: Fix an LOCK/OPEN race when unlinking an open file 2016-05-09 09:05:40 -04:00
nfs4renewd.c
nfs4session.c NFSv4.x: Allow multiple callbacks in flight 2016-01-25 09:36:21 -05:00
nfs4session.h NFSv4.x: Allow multiple callbacks in flight 2016-01-25 09:36:21 -05:00
nfs4state.c NFSv4: Don't try to reclaim unused state owners 2015-10-02 15:43:07 -04:00
nfs4super.c
nfs4sysctl.c nfs: do not initialise statics to 0 2015-12-28 09:57:15 -05:00
nfs4trace.c pNFS: Modify pnfs_update_layout tracepoints to use layout stateid 2015-12-28 09:57:14 -05:00
nfs4trace.h Merge branch 'bugfixes' 2016-01-07 18:45:36 -05:00
nfs4xdr.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
nfs42.h nfs42: add CLONE proc functions 2015-10-15 16:07:36 -04:00
nfs42proc.c nfs4: fix stateid handling for the NFS v4.2 operations 2016-02-17 11:38:07 -05:00
nfs42xdr.c nfs42: add CLONE xdr functions 2015-10-15 16:07:21 -04:00
nfs.h
nfsroot.c nfsroot: make nfsroot to accept the 1024 bytes long directory name 2015-10-21 15:49:19 -05:00
nfstrace.c
nfstrace.h NFS: Allow multiple commit requests in flight per file 2015-12-31 13:53:48 -05:00
pagelist.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
pnfs_dev.c
pnfs_nfs.c NFS: Save struct inode * inside nfs_commit_info to clarify usage of i_lock 2016-05-09 09:05:40 -04:00
pnfs.c pnfs: set NFS_IOHDR_REDO in pnfs_read_resend_pnfs 2016-05-09 09:05:40 -04:00
pnfs.h pnfs: set NFS_IOHDR_REDO in pnfs_read_resend_pnfs 2016-05-09 09:05:40 -04:00
proc.c
read.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
super.c nfs: don't share mounts between network namespaces 2016-05-09 09:05:40 -04:00
symlink.c switch ->get_link() to delayed_call, kill ->put_link() 2015-12-30 13:01:03 -05:00
sysctl.c
unlink.c
write.c NFS: Save struct inode * inside nfs_commit_info to clarify usage of i_lock 2016-05-09 09:05:40 -04:00