iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Jeff Layton db2efec0ca nfs: take extra reference to fl->fl_file when running a LOCKU operation 
Jean reported another crash, similar to the one fixed by feaff8e5b2cf:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000148
    IP: [<ffffffff8124ef7f>] locks_get_lock_context+0xf/0xa0
    PGD 0
    Oops: 0000 [#1] SMP
    Modules linked in: nfsv3 nfs_layout_flexfiles rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache vmw_vsock_vmci_transport vsock cfg80211 rfkill coretemp crct10dif_pclmul ppdev vmw_balloon crc32_pclmul crc32c_intel ghash_clmulni_intel pcspkr vmxnet3 parport_pc i2c_piix4 microcode serio_raw parport nfsd floppy vmw_vmci acpi_cpufreq auth_rpcgss shpchp nfs_acl lockd grace sunrpc vmwgfx drm_kms_helper ttm drm mptspi scsi_transport_spi mptscsih ata_generic mptbase i2c_core pata_acpi
    CPU: 0 PID: 329 Comm: kworker/0:1H Not tainted 4.1.0-rc7+ #2
    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/30/2013
    Workqueue: rpciod rpc_async_schedule [sunrpc]
    30ec000
    RIP: 0010:[<ffffffff8124ef7f>]  [<ffffffff8124ef7f>] locks_get_lock_context+0xf/0xa0
    RSP: 0018:ffff8802330efc08  EFLAGS: 00010296
    RAX: ffff8802330efc58 RBX: ffff880097187c80 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
    RBP: ffff8802330efc18 R08: ffff88023fc173d8 R09: 3038b7bf00000000
    R10: 00002f1a02000000 R11: 3038b7bf00000000 R12: 0000000000000000
    R13: 0000000000000000 R14: ffff8802337a2300 R15: 0000000000000020
    FS:  0000000000000000(0000) GS:ffff88023fc00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000148 CR3: 000000003680f000 CR4: 00000000001407f0
    Stack:
     ffff880097187c80 ffff880097187cd8 ffff8802330efc98 ffffffff81250281
     ffff8802330efc68 ffffffffa013e7df ffff8802330efc98 0000000000000246
     ffff8801f6901c00 ffff880233d2b8d8 ffff8802330efc58 ffff8802330efc58
    Call Trace:
     [<ffffffff81250281>] __posix_lock_file+0x31/0x5e0
     [<ffffffffa013e7df>] ? rpc_wake_up_task_queue_locked.part.35+0xcf/0x240 [sunrpc]
     [<ffffffff8125088b>] posix_lock_file_wait+0x3b/0xd0
     [<ffffffffa03890b2>] ? nfs41_wake_and_assign_slot+0x32/0x40 [nfsv4]
     [<ffffffffa0365808>] ? nfs41_sequence_done+0xd8/0x300 [nfsv4]
     [<ffffffffa0367525>] do_vfs_lock+0x35/0x40 [nfsv4]
     [<ffffffffa03690c1>] nfs4_locku_done+0x81/0x120 [nfsv4]
     [<ffffffffa013e310>] ? rpc_destroy_wait_queue+0x20/0x20 [sunrpc]
     [<ffffffffa013e310>] ? rpc_destroy_wait_queue+0x20/0x20 [sunrpc]
     [<ffffffffa013e33c>] rpc_exit_task+0x2c/0x90 [sunrpc]
     [<ffffffffa0134400>] ? call_refreshresult+0x170/0x170 [sunrpc]
     [<ffffffffa013ece4>] __rpc_execute+0x84/0x410 [sunrpc]
     [<ffffffffa013f085>] rpc_async_schedule+0x15/0x20 [sunrpc]
     [<ffffffff810add67>] process_one_work+0x147/0x400
     [<ffffffff810ae42b>] worker_thread+0x11b/0x460
     [<ffffffff810ae310>] ? rescuer_thread+0x2f0/0x2f0
     [<ffffffff810b35d9>] kthread+0xc9/0xe0
     [<ffffffff81010000>] ? perf_trace_xen_mmu_set_pmd+0xa0/0x160
     [<ffffffff810b3510>] ? kthread_create_on_node+0x170/0x170
     [<ffffffff8173c222>] ret_from_fork+0x42/0x70
     [<ffffffff810b3510>] ? kthread_create_on_node+0x170/0x170
    Code: a5 81 e8 85 75 e4 ff c6 05 31 ee aa 00 01 eb 98 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 fc 53 <48> 8b 9f 48 01 00 00 48 85 db 74 08 48 89 d8 5b 41 5c 5d c3 83
    RIP  [<ffffffff8124ef7f>] locks_get_lock_context+0xf/0xa0
     RSP <ffff8802330efc08>
    CR2: 0000000000000148
    ---[ end trace 64484f16250de7ef ]---

The problem is almost exactly the same as the one fixed by feaff8e5b2cf.
We must take a reference to the struct file when running the LOCKU
compound to prevent the final fput from running until the operation is
complete.

Reported-by: Jean Spector <jean@primarydata.com>
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2015-07-01 11:27:27 -04:00
..
9p
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
adfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
affs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
afs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
autofs4
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
befs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
bfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
btrfs
Merge branch 'for-linus-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
2015-05-23 11:14:10 -07:00
cachefiles
VFS: fs/cachefiles: d_backing_inode() annotations
2015-04-15 15:06:59 -04:00
ceph
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
cifs
CIFS: Fix race condition on RFC1002_NEGATIVE_SESSION_RESPONSE
2015-05-20 13:25:55 -05:00
coda
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
configfs
configfs: init configfs module earlier at boot time
2015-05-05 17:10:11 -07:00
cramfs
debugfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
devpts
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
dlm
netlink: make nlmsg_end() and genlmsg_end() void
2015-01-18 01:03:45 -05:00
ecryptfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
efivarfs
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2015-05-06 10:57:37 -07:00
efs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
exofs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
exportfs
VFS: (Scripted) Convert S_ISLNK/DIR/REG(dentry->d_inode) to d_is_*(dentry)
2015-02-22 11:38:41 -05:00
ext2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
ext3
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
ext4
ext4: fix an ext3 collapse range regression in xfstests
2015-05-15 00:24:10 -04:00
f2fs
f2fs: fix wrong error hanlder in f2fs_follow_link
2015-05-04 14:15:16 -07:00
fat
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
freevxfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
fscache
fuse
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
gfs2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
hfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
hfsplus
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
hostfs
hostfs: Use correct mask for file mode
2015-05-04 14:50:29 +02:00
hpfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
hppfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
hugetlbfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
isofs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
jbd
jbd: Deletion of an unnecessary check before the function call "iput"
2014-11-18 10:15:29 +01:00
jbd2
jbd2: fix r_count overflows leading to buffer overflow in journal recovery
2015-05-14 19:11:50 -04:00
jffs2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
jfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
kernfs
kernfs: do not account ino_ida allocations to memcg
2015-05-14 17:55:51 -07:00
lockd
nfsd: eliminate NFSD_DEBUG
2015-04-21 16:16:02 -04:00
logfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
minix
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
ncpfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
nfs
nfs: take extra reference to fl->fl_file when running a LOCKU operation
2015-07-01 11:27:27 -04:00
nfs_common
nfsd
nfsd: skip CB_NULL probes for 4.1 or later
2015-05-04 12:02:42 -04:00
nilfs2
nilfs2: fix sanity check of btree level in nilfs_btree_root_broken()
2015-05-05 17:10:11 -07:00
nls
notify
fanotify: fix event filtering with FAN_ONDIR set
2015-03-12 18:46:08 -07:00
ntfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
ocfs2
ocfs2: dlm: fix race between purge and get lock resource
2015-05-05 17:10:11 -07:00
omfs
omfs: fix potential integer overflow in allocator
2015-05-28 18:25:19 -07:00
openpromfs
overlayfs
ovl: mount read-only if workdir can't be created
2015-05-19 14:30:12 +02:00
proc
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
pstore
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
qnx4
qnx6
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
quota
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
ramfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
reiserfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
romfs
make new_sync_{read,write}() static
2015-04-11 22:29:40 -04:00
squashfs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
sysfs
sysfs: Only accept read/write permissions for file attributes
2015-03-25 13:27:57 +01:00
sysv
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
tracefs
tracing: Have mkdir and rmdir be part of tracefs
2015-02-03 12:48:43 -05:00
ubifs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
udf
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
ufs
VFS: normal filesystems (and lustre): d_inode() annotations
2015-04-15 15:06:57 -04:00
xfs
xfs: fix broken i_nlink accounting for whiteout tmpfile inode
2015-05-29 08:14:55 +10:00
aio.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-16 23:27:56 -04:00
anon_inodes.c
attr.c
bad_inode.c
don't bother with most of the bad_file_ops methods
2015-02-20 04:03:58 -05:00
binfmt_aout.c
assorted conversions to %p[dD]
2014-11-19 13:01:20 -05:00
binfmt_elf_fdpic.c
binfmt_elf.c
fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings
2015-05-28 18:25:18 -07:00
binfmt_em86.c
syscalls: implement execveat() system call
2014-12-13 12:42:51 -08:00
binfmt_flat.c
binfmt_misc.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
binfmt_script.c
syscalls: implement execveat() system call
2014-12-13 12:42:51 -08:00
block_dev.c
direct-io: only inc/dec inode->i_dio_count for file systems
2015-04-24 15:45:28 -04:00
buffer.c
page_writeback: clean up mess around cancel_dirty_page()
2015-04-14 16:49:01 -07:00
char_dev.c
fs: introduce f_op->mmap_capabilities for nommu mmap support
2015-01-20 14:02:58 -07:00
compat_binfmt_elf.c
compat_ioctl.c
Bluetooth: bnep: Add support for get bnep features via ioctl
2015-04-03 23:21:34 +02:00
compat.c
coredump.c
coredump: accept any write method
2015-04-11 22:29:39 -04:00
dax.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-26 17:22:07 -07:00
dcache.c
d_walk() might skip too much
2015-05-28 23:45:30 -04:00
dcookies.c
direct-io.c
direct-io: only inc/dec inode->i_dio_count for file systems
2015-04-24 15:45:28 -04:00
drop_caches.c
vmscan: per memory cgroup slab shrinkers
2015-02-12 18:54:09 -08:00
eventfd.c
eventfd: don't take the spinlock in eventfd_poll
2015-02-17 14:34:52 -08:00
eventpoll.c
epoll: optimize setting task running after blocking
2015-02-13 21:21:40 -08:00
exec.c
parisc,metag: Fix crashes due to stack randomization on stack-grows-upwards architectures
2015-05-12 22:03:44 +02:00
fcntl.c
vfs: renumber FMODE_NONOTIFY and add to uniqueness check
2015-01-08 15:10:52 -08:00
fhandle.c
vfs: read file_handle only once in handle_to_path
2015-06-02 10:29:07 -07:00
file_table.c
->aio_read and ->aio_write removed
2015-04-11 22:29:43 -04:00
file.c
mm: rcu-protected get_mm_exe_file()
2015-04-17 09:04:07 -04:00
filesystems.c
fs_pin.c
fs_pin: Allow for the possibility that m_list or s_list go unused.
2015-04-09 11:39:55 -05:00
fs_struct.c
fs-writeback.c
fs: add dirtytime_expire_seconds sysctl
2015-03-17 12:23:32 -04:00
inode.c
direct-io: only inc/dec inode->i_dio_count for file systems
2015-04-24 15:45:28 -04:00
internal.h
trylock_super(): replacement for grab_super_passive()
2015-02-22 11:38:42 -05:00
ioctl.c
fsioctl.c: make generic_block_fiemap() signal-tolerant
2015-02-10 14:30:30 -08:00
Kconfig
f2fs: relocate Kconfig from misc filesystems
2015-04-10 15:08:35 -07:00
Kconfig.binfmt
mm: split ET_DYN ASLR from mmap ASLR
2015-04-14 16:49:05 -07:00
libfs.c
VFS: fs library helpers: d_inode() annotations
2015-04-15 15:06:58 -04:00
locks.c
proc: show locks in /proc/pid/fdinfo/X
2015-04-17 09:04:12 -04:00
Makefile
This adds the new tracefs file system. This has been in linux-next for
2015-04-14 10:22:29 -07:00
mbcache.c
mount.h
switch the IO-triggering parts of umount to fs_pin
2015-01-25 23:17:29 -05:00
mpage.c
namei.c
path_openat(): fix double fput()
2015-05-09 00:12:48 -04:00
namespace.c
mnt: Fix fs_fully_visible to verify the root directory is visible
2015-05-09 11:55:50 -05:00
no-block.c
nsfs.c
VFS: assorted weird filesystems: d_inode() annotations
2015-04-15 15:06:58 -04:00
open.c
xfs: update for 4.1-rc1
2015-04-24 07:08:41 -07:00
pipe.c
VFS: assorted weird filesystems: d_inode() annotations
2015-04-15 15:06:58 -04:00
pnode.c
mnt: Don't propagate unmounts to locked mounts
2015-04-02 20:34:20 -05:00
pnode.h
mnt: Honor MNT_LOCKED when detaching mounts
2015-04-09 11:39:55 -05:00
posix_acl.c
VFS: assorted d_backing_inode() annotations
2015-04-15 15:06:59 -04:00
proc_namespace.c
vfs: add support for a lazytime mount option
2015-02-05 02:45:00 -05:00
read_write.c
new_sync_write(): discard ->ki_pos unless the return value is positive
2015-04-11 22:29:46 -04:00
readdir.c
select.c
all arches, signal: move restart_block to struct task_struct
2015-02-12 18:54:12 -08:00
seq_file.c
bitmap, cpumask, nodemask: remove dedicated formatting functions
2015-02-13 21:21:39 -08:00
signalfd.c
splice.c
splice: sendfile() at once fails for big files
2015-05-06 09:27:41 -06:00
stack.c
stat.c
VFS: assorted d_backing_inode() annotations
2015-04-15 15:06:59 -04:00
statfs.c
super.c
cleancache: remove limit on the number of cleancache enabled filesystems
2015-04-14 16:49:03 -07:00
sync.c
vfs: add support for a lazytime mount option
2015-02-05 02:45:00 -05:00
timerfd.c
utimes.c
xattr.c
new helper: audit_file()
2014-11-19 13:01:26 -05:00