linux/fs/nfs
Chuck Lever ee5dc7732b NFS: Fix "kernel BUG at fs/nfs/nfs3xdr.c:1338!"
Milan Broz <mbroz@redhat.com> reports:

> on today Linus' tree I get OOps if using nfs.
>
> server (2.6.36) exports dir:
> /dir   172.16.1.0/24(rw,async,all_squash,no_subtree_check,anonuid=500,anongid=500)
>
> on client it is mounted  in fstab
> server:/dir  /mnt/tst  nfs  rw,soft 0 0
>
> and these commands OOpses it (simplified from a configure script):
>
> cd /dir
> touch x
> install x y
>
> [  105.327701] ------------[ cut here ]------------
> [  105.327979] kernel BUG at fs/nfs/nfs3xdr.c:1338!
> [  105.328075] invalid opcode: 0000 [#1] PREEMPT SMP
> [  105.328223] last sysfs file: /sys/devices/virtual/bdi/0:16/uevent
> [  105.328349] Modules linked in: usbcore dm_mod
> [  105.328553]
> [  105.328678] Pid: 3710, comm: install Not tainted 2.6.37+ #423 440BX Desktop Reference Platform/VMware Virtual Platform
> [  105.328853] EIP: 0060:[<c116c06c>] EFLAGS: 00010282 CPU: 0
> [  105.329152] EIP is at nfs3_xdr_enc_setacl3args+0x61/0x98
> [  105.329249] EAX: ffffffea EBX: ce941d98 ECX: 00000000 EDX: 00000004
> [  105.329340] ESI: ce941cd0 EDI: 000000a4 EBP: ce941cc0 ESP: ce941cb4
> [  105.329431]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> [  105.329525] Process install (pid: 3710, ti=ce940000 task=ced36f20 task.ti=ce940000)
> [  105.336600] Stack:
> [  105.336693]  ce941cd0 ce9dc000 00000000 ce941cf8 c12ecd02 c12f43e0 c116c00b cf754158
> [  105.336982]  ce9dc004 cf754284 ce9dc004 cf7ffee8 ceff9978 ce9dc000 cf7ffee8 ce9dc000
> [  105.337182]  ce9dc000 ce941d14 c12e698d cf75412c ce941d98 cf7ffee8 cf7fff20 00000000
> [  105.337405] Call Trace:
> [  105.337695]  [<c12ecd02>] rpcauth_wrap_req+0x75/0x7f
> [  105.337806]  [<c12f43e0>] ? xdr_encode_opaque+0x12/0x15
> [  105.337898]  [<c116c00b>] ? nfs3_xdr_enc_setacl3args+0x0/0x98
> [  105.337988]  [<c12e698d>] call_transmit+0x17e/0x1e8
> [  105.338072]  [<c12ec307>] __rpc_execute+0x6d/0x1a6
> [  105.338155]  [<c12ec474>] rpc_execute+0x34/0x37
> [  105.338235]  [<c12e738d>] rpc_run_task+0xb5/0xbd
> [  105.338316]  [<c12e7474>] rpc_call_sync+0x3d/0x58
> [  105.338402]  [<c116d0c6>] nfs3_proc_setacls+0x18e/0x24f
> [  105.338493]  [<c10b3f76>] ? __kmalloc+0x148/0x1c4
> [  105.338579]  [<c10ecd01>] ? posix_acl_alloc+0x12/0x22
> [  105.338665]  [<c116d5c8>] nfs3_proc_setacl+0xa0/0xca
> [  105.338748]  [<c116d69c>] nfs3_setxattr+0x62/0x88
> [  105.338834]  [<c1317042>] ? sub_preempt_count+0x7c/0x89
> [  105.338926]  [<c116d63a>] ? nfs3_setxattr+0x0/0x88
> [  105.339026]  [<c10cfa79>] __vfs_setxattr_noperm+0x26/0x95
> [  105.339114]  [<c10cfb43>] vfs_setxattr+0x5b/0x76
> [  105.339211]  [<c10cfbfb>] setxattr+0x9d/0xc3
> [  105.339298]  [<c10a2ea8>] ? handle_pte_fault+0x258/0x5cb
> [  105.339428]  [<c1091ff6>] ? __free_pages+0x1a/0x23
> [  105.339517]  [<c10498ea>] ? up_read+0x16/0x2c
> [  105.339599]  [<c10b8365>] ? fget+0x0/0xa3
> [  105.339677]  [<c10b8365>] ? fget+0x0/0xa3
> [  105.339760]  [<c1025d23>] ? get_parent_ip+0xb/0x31
> [  105.339843]  [<c1317042>] ? sub_preempt_count+0x7c/0x89
> [  105.339931]  [<c10cfc72>] sys_fsetxattr+0x51/0x79
> [  105.340014]  [<c1002853>] sysenter_do_call+0x12/0x32
> [  105.340133] Code: 2e 76 18 00 58 31 d2 8b 7f 28 f6 43 04 01 74 03 8b 53 08 6a 00 8b 46 04 6a 01 8b 0b 52 89 fa e8 85 10 f8 ff 83 c4 0c 85 c0 79 04 <0f> 0b eb fe 31 c9 f6 43 04 04 74 03 8b 4b 0c 68 00 10 00 00 8d
> [  105.350321] EIP: [<c116c06c>] nfs3_xdr_enc_setacl3args+0x61/0x98 SS:ESP 0068:ce941cb4
> [  105.364385] ---[ end trace 01fcfe7f0f7f6e4a ]---

nfs3_xdr_enc_setacl3args() is not properly setting up the target
buffer before nfsacl_encode() attempts to encode the ACL.

Introduced by commit d9c407b1 "NFS: Introduce new-style XDR encoding
functions for NFSv3."

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2011-01-25 15:24:47 -05:00
..
cache_lib.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
cache_lib.h NFS: Add a dns resolver for use with NFSv4 referrals and migration 2009-08-19 18:22:15 -04:00
callback_proc.c pnfs: update nfs4_callback_recallany to handle layouts 2011-01-06 14:46:32 -05:00
callback_xdr.c pnfs: CB_LAYOUTRECALL xdr code 2011-01-06 14:46:32 -05:00
callback.c NFS rename client back channel transport field 2011-01-06 14:46:25 -05:00
callback.h pnfs: update nfs4_callback_recallany to handle layouts 2011-01-06 14:46:32 -05:00
client.c NFS: Move cl_delegations to the nfs_server struct 2011-01-06 14:57:46 -05:00
delegation.c NFS: Move cl_delegations to the nfs_server struct 2011-01-06 14:57:46 -05:00
delegation.h NFS: Move cl_delegations to the nfs_server struct 2011-01-06 14:57:46 -05:00
dir.c NFS: Use d_automount() rather than abusing follow_link() 2011-01-15 20:07:34 -05:00
direct.c NFS: Fix "kernel BUG at fs/aio.c:554!" 2011-01-25 15:24:47 -05:00
dns_resolve.c sunrpc: use seconds since boot in expiry cache 2010-09-07 19:21:20 -04:00
dns_resolve.h NFS: Use kernel DNS resolver [ver #2] 2010-08-11 17:11:28 +00:00
file.c NFS: Fix fcntl F_GETLK not reporting some conflicts 2010-12-07 19:30:43 -05:00
fscache-index.c NFS: Add read context retention for FS-Cache to call back with 2009-04-03 16:42:44 +01:00
fscache.c NFS: Squelch compiler warning 2010-05-14 15:09:31 -04:00
fscache.h NFS: Propagate 'fsc' mount option through automounts 2009-09-23 14:36:39 -04:00
getroot.c switch nfs to ->s_d_op 2011-01-12 20:02:45 -05:00
idmap.c nfs: fix mispelling of idmap CONFIG symbol 2011-01-04 13:10:39 -05:00
inode.c NFS: Use d_automount() rather than abusing follow_link() 2011-01-15 20:07:34 -05:00
internal.h NFS: Use d_automount() rather than abusing follow_link() 2011-01-15 20:07:34 -05:00
iostat.h NFS: Squelch compiler warning in nfs_add_server_stats() 2010-05-14 15:09:31 -04:00
Kconfig lockd: push lock_flocks down 2010-10-27 21:39:39 +02:00
Makefile NFSv4.1: pnfs: filelayout: add driver's LAYOUTGET and GETDEVICEINFO infrastructure 2010-10-24 18:07:11 -04:00
mount_clnt.c NFS: Remove redundant unlikely() 2010-12-21 11:51:23 -05:00
namespace.c Unexport do_add_mount() and add in follow_automount(), not ->d_automount() 2011-01-15 20:07:48 -05:00
nfs2xdr.c Merge branch 'bugfixes' into nfs-for-2.6.38 2011-01-10 14:48:02 -05:00
nfs3acl.c NFS: Reduce stack footprint of nfs3_proc_getacl() and nfs3_proc_setacl() 2010-05-14 15:09:28 -04:00
nfs3proc.c NFS: readdir with vmapped pages 2010-10-23 15:27:35 -04:00
nfs3xdr.c NFS: Fix "kernel BUG at fs/nfs/nfs3xdr.c:1338!" 2011-01-25 15:24:47 -05:00
nfs4_fs.h NFS: Move cl_state_owners and related fields to the nfs_server struct 2011-01-06 14:47:57 -05:00
nfs4filelayout.c pnfs: add prefix to struct pnfs_layout_hdr fields 2011-01-06 14:46:31 -05:00
nfs4filelayout.h NFSv4.1: pnfs: filelayout: add driver's LAYOUTGET and GETDEVICEINFO infrastructure 2010-10-24 18:07:11 -04:00
nfs4filelayoutdev.c NFS4: Avoid potential NULL pointer dereference in decode_and_add_ds(). 2011-01-25 15:24:46 -05:00
nfs4namespace.c NFSv4: Fix up the documentation for nfs_do_refmount 2010-05-14 15:09:29 -04:00
nfs4proc.c NFS fix the setting of exchange id flag 2011-01-11 14:17:09 -05:00
nfs4renewd.c NFS: Move cl_delegations to the nfs_server struct 2011-01-06 14:57:46 -05:00
nfs4state.c NFS: Move cl_state_owners and related fields to the nfs_server struct 2011-01-06 14:47:57 -05:00
nfs4xdr.c Merge branch 'bugfixes' into nfs-for-2.6.38 2011-01-10 14:48:02 -05:00
nfsroot.c NFS: Fix a compile issue in nfs_root 2010-10-26 13:56:42 -04:00
pagelist.c nfs: Take advantage of kmem_cache_zalloc() in nfs_page_alloc() 2010-12-21 11:51:24 -05:00
pnfs.c pnfs: layout roc code 2011-01-06 14:46:32 -05:00
pnfs.h pnfs: layout roc code 2011-01-06 14:46:32 -05:00
proc.c NFS: Don't leak in nfs_proc_symlink() 2011-01-04 13:10:36 -05:00
read.c nfs: remove extraneous and problematic calls to nfs_clear_request 2010-12-07 23:02:44 -05:00
super.c switch nfs to ->s_d_op 2011-01-12 20:02:45 -05:00
symlink.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
sysctl.c NFS: new idmapper 2010-10-07 18:48:49 -04:00
unlink.c Merge branch 'nfs-for-2.6.38' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6 2011-01-11 15:11:56 -08:00
write.c NFS: fix handling of malloc failure during nfs_flush_multi() 2011-01-19 15:37:49 -05:00