1. 21 9月, 2015 1 次提交
  2. 02 9月, 2015 2 次提交
  3. 31 8月, 2015 2 次提交
  4. 28 8月, 2015 3 次提交
  5. 20 8月, 2015 1 次提交
  6. 19 8月, 2015 3 次提交
  7. 18 8月, 2015 2 次提交
    • A
      NFS: Remove nfs41_server_notify_{target|highest}_slotid_update() · 3f10a6af
      Anna Schumaker 提交于
      All these functions do is call nfs41_ping_server() without adding
      anything.  Let's remove them and give nfs41_ping_server() a better name
      instead.
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      3f10a6af
    • K
      NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client · 18e3b739
      Kinglong Mee 提交于
      ---Steps to Reproduce--
      <nfs-server>
      # cat /etc/exports
      /nfs/referal  *(rw,insecure,no_subtree_check,no_root_squash,crossmnt)
      /nfs/old      *(ro,insecure,subtree_check,root_squash,crossmnt)
      
      <nfs-client>
      # mount -t nfs nfs-server:/nfs/ /mnt/
      # ll /mnt/*/
      
      <nfs-server>
      # cat /etc/exports
      /nfs/referal   *(rw,insecure,no_subtree_check,no_root_squash,crossmnt,refer=/nfs/old/@nfs-server)
      /nfs/old       *(ro,insecure,subtree_check,root_squash,crossmnt)
      # service nfs restart
      
      <nfs-client>
      # ll /mnt/*/    --->>>>> oops here
      
      [ 5123.102925] BUG: unable to handle kernel NULL pointer dereference at           (null)
      [ 5123.103363] IP: [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
      [ 5123.103752] PGD 587b9067 PUD 3cbf5067 PMD 0
      [ 5123.104131] Oops: 0000 [#1]
      [ 5123.104529] Modules linked in: nfsv4(OE) nfs(OE) fscache(E) nfsd(OE) xfs libcrc32c iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ppdev vmw_balloon parport_pc parport i2c_piix4 shpchp auth_rpcgss nfs_acl vmw_vmci lockd grace sunrpc vmwgfx drm_kms_helper ttm drm mptspi serio_raw scsi_transport_spi e1000 mptscsih mptbase ata_generic pata_acpi [last unloaded: nfsd]
      [ 5123.105887] CPU: 0 PID: 15853 Comm: ::1-manager Tainted: G           OE   4.2.0-rc6+ #214
      [ 5123.106358] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
      [ 5123.106860] task: ffff88007620f300 ti: ffff88005877c000 task.ti: ffff88005877c000
      [ 5123.107363] RIP: 0010:[<ffffffffa03ed38b>]  [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
      [ 5123.107909] RSP: 0018:ffff88005877fdb8  EFLAGS: 00010246
      [ 5123.108435] RAX: ffff880053f3bc00 RBX: ffff88006ce6c908 RCX: ffff880053a0d240
      [ 5123.108968] RDX: ffffea0000e6d940 RSI: ffff8800399a0000 RDI: ffff88006ce6c908
      [ 5123.109503] RBP: ffff88005877fe28 R08: ffffffff81c708a0 R09: 0000000000000000
      [ 5123.110045] R10: 00000000000001a2 R11: ffff88003ba7f5c8 R12: ffff880054c55800
      [ 5123.110618] R13: 0000000000000000 R14: ffff880053a0d240 R15: ffff880053a0d240
      [ 5123.111169] FS:  0000000000000000(0000) GS:ffffffff81c27000(0000) knlGS:0000000000000000
      [ 5123.111726] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 5123.112286] CR2: 0000000000000000 CR3: 0000000054cac000 CR4: 00000000001406f0
      [ 5123.112888] Stack:
      [ 5123.113458]  ffffea0000e6d940 ffff8800399a0000 00000000000167d0 0000000000000000
      [ 5123.114049]  0000000000000000 0000000000000000 0000000000000000 00000000a7ec82c6
      [ 5123.114662]  ffff88005877fe18 ffffea0000e6d940 ffff8800399a0000 ffff880054c55800
      [ 5123.115264] Call Trace:
      [ 5123.115868]  [<ffffffffa03fb44b>] nfs4_try_migration+0xbb/0x220 [nfsv4]
      [ 5123.116487]  [<ffffffffa03fcb3b>] nfs4_run_state_manager+0x4ab/0x7b0 [nfsv4]
      [ 5123.117104]  [<ffffffffa03fc690>] ? nfs4_do_reclaim+0x510/0x510 [nfsv4]
      [ 5123.117813]  [<ffffffff810a4527>] kthread+0xd7/0xf0
      [ 5123.118456]  [<ffffffff810a4450>] ? kthread_worker_fn+0x160/0x160
      [ 5123.119108]  [<ffffffff816d9cdf>] ret_from_fork+0x3f/0x70
      [ 5123.119723]  [<ffffffff810a4450>] ? kthread_worker_fn+0x160/0x160
      [ 5123.120329] Code: 4c 8b 6a 58 74 17 eb 52 48 8d 55 a8 89 c6 4c 89 e7 e8 4a b5 ff ff 8b 45 b0 85 c0 74 1c 4c 89 f9 48 8b 55 90 48 8b 75 98 48 89 df <41> ff 55 00 3d e8 d8 ff ff 41 89 c6 74 cf 48 8b 4d c8 65 48 33
      [ 5123.121643] RIP  [<ffffffffa03ed38b>] nfs4_proc_get_locations+0x9b/0x120 [nfsv4]
      [ 5123.122308]  RSP <ffff88005877fdb8>
      [ 5123.122942] CR2: 0000000000000000
      
      Fixes: ec011fe8 ("NFS: Introduce a vector of migration recovery ops")
      Cc: stable@vger.kernel.org # v3.13+
      Signed-off-by: NKinglong Mee <kinglongmee@gmail.com>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      18e3b739
  8. 13 8月, 2015 1 次提交
    • N
      NFSv4: don't set SETATTR for O_RDONLY|O_EXCL · efcbc04e
      NeilBrown 提交于
      It is unusual to combine the open flags O_RDONLY and O_EXCL, but
      it appears that libre-office does just that.
      
      [pid  3250] stat("/home/USER/.config", {st_mode=S_IFDIR|0700, st_size=8192, ...}) = 0
      [pid  3250] open("/home/USER/.config/libreoffice/4-suse/user/extensions/buildid", O_RDONLY|O_EXCL <unfinished ...>
      
      NFSv4 takes O_EXCL as a sign that a setattr command should be sent,
      probably to reset the timestamps.
      
      When it was an O_RDONLY open, the SETATTR command does not
      identify any actual attributes to change.
      If no delegation was provided to the open, the SETATTR uses the
      all-zeros stateid and the request is accepted (at least by the
      Linux NFS server - no harm, no foul).
      
      If a read-delegation was provided, this is used in the SETATTR
      request, and a Netapp filer will justifiably claim
      NFS4ERR_BAD_STATEID, which the Linux client takes as a sign
      to retry - indefinitely.
      
      So only treat O_EXCL specially if O_CREAT was also given.
      Signed-off-by: NNeilBrown <neilb@suse.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      efcbc04e
  9. 28 7月, 2015 1 次提交
    • K
      nfs: Fix an oops caused by using other thread's stack space in ASYNC mode · a49c2691
      Kinglong Mee 提交于
      An oops caused by using other thread's stack space in sunrpc ASYNC sending thread.
      
      [ 9839.007187] ------------[ cut here ]------------
      [ 9839.007923] kernel BUG at fs/nfs/nfs4xdr.c:910!
      [ 9839.008069] invalid opcode: 0000 [#1] SMP
      [ 9839.008069] Modules linked in: blocklayoutdriver rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache snd_hda_codec_generic snd_hda_intel snd_hda_controller snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm joydev iosf_mbi crct10dif_pclmul snd_timer crc32_pclmul crc32c_intel ghash_clmulni_intel snd soundcore ppdev pvpanic parport_pc i2c_piix4 serio_raw virtio_balloon parport acpi_cpufreq nfsd nfs_acl lockd grace auth_rpcgss sunrpc qxl drm_kms_helper virtio_net virtio_console virtio_blk ttm drm virtio_pci virtio_ring virtio ata_generic pata_acpi
      [ 9839.008069] CPU: 0 PID: 308 Comm: kworker/0:1H Not tainted 4.0.0-0.rc4.git1.3.fc23.x86_64 #1
      [ 9839.008069] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      [ 9839.008069] Workqueue: rpciod rpc_async_schedule [sunrpc]
      [ 9839.008069] task: ffff8800d8b4d8e0 ti: ffff880036678000 task.ti: ffff880036678000
      [ 9839.008069] RIP: 0010:[<ffffffffa0339cc9>]  [<ffffffffa0339cc9>] reserve_space.part.73+0x9/0x10 [nfsv4]
      [ 9839.008069] RSP: 0018:ffff88003667ba58  EFLAGS: 00010246
      [ 9839.008069] RAX: 0000000000000000 RBX: 000000001fc15e18 RCX: ffff8800c0193800
      [ 9839.008069] RDX: ffff8800e4ae3f24 RSI: 000000001fc15e2c RDI: ffff88003667bcd0
      [ 9839.008069] RBP: ffff88003667ba58 R08: ffff8800d9173008 R09: 0000000000000003
      [ 9839.008069] R10: ffff88003667bcd0 R11: 000000000000000c R12: 0000000000010000
      [ 9839.008069] R13: ffff8800d9173350 R14: 0000000000000000 R15: ffff8800c0067b98
      [ 9839.008069] FS:  0000000000000000(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
      [ 9839.008069] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 9839.008069] CR2: 00007f988c9c8bb0 CR3: 00000000d99b6000 CR4: 00000000000407f0
      [ 9839.008069] Stack:
      [ 9839.008069]  ffff88003667bbc8 ffffffffa03412c5 00000000c6c55680 ffff880000000003
      [ 9839.008069]  0000000000000088 00000010c6c55680 0001000000000002 ffffffff816e87e9
      [ 9839.008069]  0000000000000000 00000000477290e2 ffff88003667bab8 ffffffff81327ba3
      [ 9839.008069] Call Trace:
      [ 9839.008069]  [<ffffffffa03412c5>] encode_attrs+0x435/0x530 [nfsv4]
      [ 9839.008069]  [<ffffffff816e87e9>] ? inet_sendmsg+0x69/0xb0
      [ 9839.008069]  [<ffffffff81327ba3>] ? selinux_socket_sendmsg+0x23/0x30
      [ 9839.008069]  [<ffffffff8164c1df>] ? do_sock_sendmsg+0x9f/0xc0
      [ 9839.008069]  [<ffffffff8164c278>] ? kernel_sendmsg+0x58/0x70
      [ 9839.008069]  [<ffffffffa011acc0>] ? xdr_reserve_space+0x20/0x170 [sunrpc]
      [ 9839.008069]  [<ffffffffa011acc0>] ? xdr_reserve_space+0x20/0x170 [sunrpc]
      [ 9839.008069]  [<ffffffffa0341b40>] ? nfs4_xdr_enc_open_noattr+0x130/0x130 [nfsv4]
      [ 9839.008069]  [<ffffffffa03419a5>] encode_open+0x2d5/0x340 [nfsv4]
      [ 9839.008069]  [<ffffffffa0341b40>] ? nfs4_xdr_enc_open_noattr+0x130/0x130 [nfsv4]
      [ 9839.008069]  [<ffffffffa011ab89>] ? xdr_encode_opaque+0x19/0x20 [sunrpc]
      [ 9839.008069]  [<ffffffffa0339cfb>] ? encode_string+0x2b/0x40 [nfsv4]
      [ 9839.008069]  [<ffffffffa0341bf3>] nfs4_xdr_enc_open+0xb3/0x140 [nfsv4]
      [ 9839.008069]  [<ffffffffa0110a4c>] rpcauth_wrap_req+0xac/0xf0 [sunrpc]
      [ 9839.008069]  [<ffffffffa01017db>] call_transmit+0x18b/0x2d0 [sunrpc]
      [ 9839.008069]  [<ffffffffa0101650>] ? call_decode+0x860/0x860 [sunrpc]
      [ 9839.008069]  [<ffffffffa0101650>] ? call_decode+0x860/0x860 [sunrpc]
      [ 9839.008069]  [<ffffffffa010caa0>] __rpc_execute+0x90/0x460 [sunrpc]
      [ 9839.008069]  [<ffffffffa010ce85>] rpc_async_schedule+0x15/0x20 [sunrpc]
      [ 9839.008069]  [<ffffffff810b452b>] process_one_work+0x1bb/0x410
      [ 9839.008069]  [<ffffffff810b47d3>] worker_thread+0x53/0x470
      [ 9839.008069]  [<ffffffff810b4780>] ? process_one_work+0x410/0x410
      [ 9839.008069]  [<ffffffff810b4780>] ? process_one_work+0x410/0x410
      [ 9839.008069]  [<ffffffff810ba7b8>] kthread+0xd8/0xf0
      [ 9839.008069]  [<ffffffff810ba6e0>] ? kthread_worker_fn+0x180/0x180
      [ 9839.008069]  [<ffffffff81786418>] ret_from_fork+0x58/0x90
      [ 9839.008069]  [<ffffffff810ba6e0>] ? kthread_worker_fn+0x180/0x180
      [ 9839.008069] Code: 00 00 48 c7 c7 21 fa 37 a0 e8 94 1c d6 e0 c6 05 d2 17 05 00 01 8b 03 eb d7 66 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 89 e5 <0f> 0b 0f 1f 44 00 00 66 66 66 66 90 55 48 89 e5 41 54 53 89 f3
      [ 9839.008069] RIP  [<ffffffffa0339cc9>] reserve_space.part.73+0x9/0x10 [nfsv4]
      [ 9839.008069]  RSP <ffff88003667ba58>
      [ 9839.071114] ---[ end trace cc14c03adb522e94 ]---
      Signed-off-by: NKinglong Mee <kinglongmee@gmail.com>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      a49c2691
  10. 23 7月, 2015 2 次提交
  11. 13 7月, 2015 2 次提交
  12. 11 7月, 2015 2 次提交
  13. 06 7月, 2015 2 次提交
  14. 01 7月, 2015 3 次提交
    • K
      nfs: Remove invalid tk_pid from debug message · b4839ebe
      Kinglong Mee 提交于
      Before rpc_run_task(), tk_pid is uninitiated as 0 always.
      Signed-off-by: NKinglong Mee <kinglongmee@gmail.com>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      b4839ebe
    • K
    • J
      nfs: take extra reference to fl->fl_file when running a LOCKU operation · db2efec0
      Jeff Layton 提交于
      Jean reported another crash, similar to the one fixed by feaff8e5:
      
          BUG: unable to handle kernel NULL pointer dereference at 0000000000000148
          IP: [<ffffffff8124ef7f>] locks_get_lock_context+0xf/0xa0
          PGD 0
          Oops: 0000 [#1] SMP
          Modules linked in: nfsv3 nfs_layout_flexfiles rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache vmw_vsock_vmci_transport vsock cfg80211 rfkill coretemp crct10dif_pclmul ppdev vmw_balloon crc32_pclmul crc32c_intel ghash_clmulni_intel pcspkr vmxnet3 parport_pc i2c_piix4 microcode serio_raw parport nfsd floppy vmw_vmci acpi_cpufreq auth_rpcgss shpchp nfs_acl lockd grace sunrpc vmwgfx drm_kms_helper ttm drm mptspi scsi_transport_spi mptscsih ata_generic mptbase i2c_core pata_acpi
          CPU: 0 PID: 329 Comm: kworker/0:1H Not tainted 4.1.0-rc7+ #2
          Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/30/2013
          Workqueue: rpciod rpc_async_schedule [sunrpc]
          30ec000
          RIP: 0010:[<ffffffff8124ef7f>]  [<ffffffff8124ef7f>] locks_get_lock_context+0xf/0xa0
          RSP: 0018:ffff8802330efc08  EFLAGS: 00010296
          RAX: ffff8802330efc58 RBX: ffff880097187c80 RCX: 0000000000000000
          RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
          RBP: ffff8802330efc18 R08: ffff88023fc173d8 R09: 3038b7bf00000000
          R10: 00002f1a02000000 R11: 3038b7bf00000000 R12: 0000000000000000
          R13: 0000000000000000 R14: ffff8802337a2300 R15: 0000000000000020
          FS:  0000000000000000(0000) GS:ffff88023fc00000(0000) knlGS:0000000000000000
          CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
          CR2: 0000000000000148 CR3: 000000003680f000 CR4: 00000000001407f0
          Stack:
           ffff880097187c80 ffff880097187cd8 ffff8802330efc98 ffffffff81250281
           ffff8802330efc68 ffffffffa013e7df ffff8802330efc98 0000000000000246
           ffff8801f6901c00 ffff880233d2b8d8 ffff8802330efc58 ffff8802330efc58
          Call Trace:
           [<ffffffff81250281>] __posix_lock_file+0x31/0x5e0
           [<ffffffffa013e7df>] ? rpc_wake_up_task_queue_locked.part.35+0xcf/0x240 [sunrpc]
           [<ffffffff8125088b>] posix_lock_file_wait+0x3b/0xd0
           [<ffffffffa03890b2>] ? nfs41_wake_and_assign_slot+0x32/0x40 [nfsv4]
           [<ffffffffa0365808>] ? nfs41_sequence_done+0xd8/0x300 [nfsv4]
           [<ffffffffa0367525>] do_vfs_lock+0x35/0x40 [nfsv4]
           [<ffffffffa03690c1>] nfs4_locku_done+0x81/0x120 [nfsv4]
           [<ffffffffa013e310>] ? rpc_destroy_wait_queue+0x20/0x20 [sunrpc]
           [<ffffffffa013e310>] ? rpc_destroy_wait_queue+0x20/0x20 [sunrpc]
           [<ffffffffa013e33c>] rpc_exit_task+0x2c/0x90 [sunrpc]
           [<ffffffffa0134400>] ? call_refreshresult+0x170/0x170 [sunrpc]
           [<ffffffffa013ece4>] __rpc_execute+0x84/0x410 [sunrpc]
           [<ffffffffa013f085>] rpc_async_schedule+0x15/0x20 [sunrpc]
           [<ffffffff810add67>] process_one_work+0x147/0x400
           [<ffffffff810ae42b>] worker_thread+0x11b/0x460
           [<ffffffff810ae310>] ? rescuer_thread+0x2f0/0x2f0
           [<ffffffff810b35d9>] kthread+0xc9/0xe0
           [<ffffffff81010000>] ? perf_trace_xen_mmu_set_pmd+0xa0/0x160
           [<ffffffff810b3510>] ? kthread_create_on_node+0x170/0x170
           [<ffffffff8173c222>] ret_from_fork+0x42/0x70
           [<ffffffff810b3510>] ? kthread_create_on_node+0x170/0x170
          Code: a5 81 e8 85 75 e4 ff c6 05 31 ee aa 00 01 eb 98 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 fc 53 <48> 8b 9f 48 01 00 00 48 85 db 74 08 48 89 d8 5b 41 5c 5d c3 83
          RIP  [<ffffffff8124ef7f>] locks_get_lock_context+0xf/0xa0
           RSP <ffff8802330efc08>
          CR2: 0000000000000148
          ---[ end trace 64484f16250de7ef ]---
      
      The problem is almost exactly the same as the one fixed by feaff8e5.
      We must take a reference to the struct file when running the LOCKU
      compound to prevent the final fput from running until the operation is
      complete.
      Reported-by: NJean Spector <jean@primarydata.com>
      Signed-off-by: NJeff Layton <jeff.layton@primarydata.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      db2efec0
  15. 29 6月, 2015 1 次提交
    • N
      NFSv4: When returning a delegation, don't reclaim an incompatible open mode. · 39f897fd
      NeilBrown 提交于
      It is possible to have an active open with one mode, and a delegation
      for the same file with a different mode.
      In particular, a WR_ONLY open and an RD_ONLY delegation.
      This happens if a WR_ONLY open is followed by a RD_ONLY open which
      provides a delegation, but is then close.
      
      When returning the delegation, we currently try to claim opens for
      every open type (n_rdwr, n_rdonly, n_wronly).  As there is no harm
      in claiming an open for a mode that we already have, this is often
      simplest.
      
      However if the delegation only provides a subset of the modes that we
      currently have open, this will produce an error from the server.
      
      So when claiming open modes prior to returning a delegation, skip the
      open request if the mode is not covered by the delegation - the open_stateid
      must already cover that mode, so there is nothing to do.
      Signed-off-by: NNeilBrown <neilb@suse.de>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      39f897fd
  16. 27 6月, 2015 1 次提交
  17. 24 6月, 2015 1 次提交
  18. 16 6月, 2015 5 次提交
  19. 11 6月, 2015 1 次提交
  20. 05 6月, 2015 1 次提交
  21. 14 5月, 2015 1 次提交
    • J
      nfs: take extra reference to fl->fl_file when running a setlk · feaff8e5
      Jeff Layton 提交于
      We had a report of a crash while stress testing the NFS client:
      
          BUG: unable to handle kernel NULL pointer dereference at 0000000000000150
          IP: [<ffffffff8127b698>] locks_get_lock_context+0x8/0x90
          PGD 0
          Oops: 0000 [#1] SMP
          Modules linked in: rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ebtable_filter ebtable_broute bridge stp llc ebtables ip6table_security ip6table_mangle ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_raw ip6table_filter ip6_tables iptable_security iptable_mangle iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_raw coretemp crct10dif_pclmul ppdev crc32_pclmul crc32c_intel ghash_clmulni_intel vmw_balloon serio_raw vmw_vmci i2c_piix4 shpchp parport_pc acpi_cpufreq parport nfsd auth_rpcgss nfs_acl lockd grace sunrpc vmwgfx drm_kms_helper ttm drm mptspi scsi_transport_spi mptscsih mptbase e1000 ata_generic pata_acpi
          CPU: 1 PID: 399 Comm: kworker/1:1H Not tainted 4.1.0-0.rc1.git0.1.fc23.x86_64 #1
          Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/30/2013
          Workqueue: rpciod rpc_async_schedule [sunrpc]
          task: ffff880036aea7c0 ti: ffff8800791f4000 task.ti: ffff8800791f4000
          RIP: 0010:[<ffffffff8127b698>]  [<ffffffff8127b698>] locks_get_lock_context+0x8/0x90
          RSP: 0018:ffff8800791f7c00  EFLAGS: 00010293
          RAX: ffff8800791f7c40 RBX: ffff88001f2ad8c0 RCX: ffffe8ffffc80305
          RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
          RBP: ffff8800791f7c88 R08: ffff88007fc971d8 R09: 279656d600000000
          R10: 0000034a01000000 R11: 279656d600000000 R12: ffff88001f2ad918
          R13: ffff88001f2ad8c0 R14: 0000000000000000 R15: 0000000100e73040
          FS:  0000000000000000(0000) GS:ffff88007fc80000(0000) knlGS:0000000000000000
          CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
          CR2: 0000000000000150 CR3: 0000000001c0b000 CR4: 00000000000407e0
          Stack:
           ffffffff8127c5b0 ffff8800791f7c18 ffffffffa0171e29 ffff8800791f7c58
           ffffffffa0171ef8 ffff8800791f7c78 0000000000000246 ffff88001ea0ba00
           ffff8800791f7c40 ffff8800791f7c40 00000000ff5d86a3 ffff8800791f7ca8
          Call Trace:
           [<ffffffff8127c5b0>] ? __posix_lock_file+0x40/0x760
           [<ffffffffa0171e29>] ? rpc_make_runnable+0x99/0xa0 [sunrpc]
           [<ffffffffa0171ef8>] ? rpc_wake_up_task_queue_locked.part.35+0xc8/0x250 [sunrpc]
           [<ffffffff8127cd3a>] posix_lock_file_wait+0x4a/0x120
           [<ffffffffa03e4f12>] ? nfs41_wake_and_assign_slot+0x32/0x40 [nfsv4]
           [<ffffffffa03bf108>] ? nfs41_sequence_done+0xd8/0x2d0 [nfsv4]
           [<ffffffffa03c116d>] do_vfs_lock+0x2d/0x30 [nfsv4]
           [<ffffffffa03c251d>] nfs4_lock_done+0x1ad/0x210 [nfsv4]
           [<ffffffffa0171a30>] ? __rpc_sleep_on_priority+0x390/0x390 [sunrpc]
           [<ffffffffa0171a30>] ? __rpc_sleep_on_priority+0x390/0x390 [sunrpc]
           [<ffffffffa0171a5c>] rpc_exit_task+0x2c/0xa0 [sunrpc]
           [<ffffffffa0167450>] ? call_refreshresult+0x150/0x150 [sunrpc]
           [<ffffffffa0172640>] __rpc_execute+0x90/0x460 [sunrpc]
           [<ffffffffa0172a25>] rpc_async_schedule+0x15/0x20 [sunrpc]
           [<ffffffff810baa1b>] process_one_work+0x1bb/0x410
           [<ffffffff810bacc3>] worker_thread+0x53/0x480
           [<ffffffff810bac70>] ? process_one_work+0x410/0x410
           [<ffffffff810bac70>] ? process_one_work+0x410/0x410
           [<ffffffff810c0b38>] kthread+0xd8/0xf0
           [<ffffffff810c0a60>] ? kthread_worker_fn+0x180/0x180
           [<ffffffff817a1aa2>] ret_from_fork+0x42/0x70
           [<ffffffff810c0a60>] ? kthread_worker_fn+0x180/0x180
      
      Jean says:
      
      "Running locktests with a large number of iterations resulted in a
       client crash.  The test run took a while and hasn't finished after close
       to 2 hours. The crash happened right after I gave up and killed the test
       (after 107m) with Ctrl+C."
      
      The crash happened because a NULL inode pointer got passed into
      locks_get_lock_context. The call chain indicates that file_inode(filp)
      returned NULL, which means that f_inode was NULL. Since that's zeroed
      out in __fput, that suggests that this filp pointer outlived the last
      reference.
      
      Looking at the code, that seems possible. We copy the struct file_lock
      that's passed in, but if the task is signalled at an inopportune time we
      can end up trying to use that file_lock in rpciod context after the process
      that requested it has already returned (and possibly put its filp
      reference).
      
      Fix this by taking an extra reference to the filp when we allocate the
      lock info, and put it in nfs4_lock_release.
      Reported-by: NJean Spector <jean@primarydata.com>
      Signed-off-by: NJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: NTrond Myklebust <trond.myklebust@primarydata.com>
      feaff8e5
  22. 24 4月, 2015 2 次提交