3.0-stable patches

added patches:
	nfs-fix-oopses-in-nfs_lookup_revalidate-and-nfs4_lookup_revalidate.patch

diff --git a/queue-3.0/nfs-fix-oopses-in-nfs_lookup_revalidate-and-nfs4_lookup_revalidate.patch b/queue-3.0/nfs-fix-oopses-in-nfs_lookup_revalidate-and-nfs4_lookup_revalidate.patch
new file mode 100644 (file)
index 0000000..d9e5971
--- /dev/null
+++ b/queue-3.0/nfs-fix-oopses-in-nfs_lookup_revalidate-and-nfs4_lookup_revalidate.patch
@@ -0,0 +1,87 @@
+From 19fa18a644a6303d49295d921e651b7e19a3a75f Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Wed, 22 Aug 2012 16:08:17 -0400
+Subject: NFS: Fix Oopses in nfs_lookup_revalidate and nfs4_lookup_revalidate
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+[Fixed upstream as part of 0b728e1911c, but that's a much larger patch,
+this is only the nfs portion backported as needed.]
+
+Fix the following Oops in 3.5.1:
+
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
+ IP: [<ffffffffa03789cd>] nfs_lookup_revalidate+0x2d/0x480 [nfs]
+ PGD 337c63067 PUD 0
+ Oops: 0000 [#1] SMP
+ CPU 5
+ Modules linked in: nfs fscache nfsd lockd nfs_acl auth_rpcgss sunrpc af_packet binfmt_misc cpufreq_conservative cpufreq_userspace cpufreq_powersave dm_mod acpi_cpufreq mperf coretemp gpio_ich kvm_intel joydev kvm ioatdma hid_generic igb lpc_ich i7core_edac edac_core ptp serio_raw dca pcspkr i2c_i801 mfd_core sg pps_core usbhid crc32c_intel microcode button autofs4 uhci_hcd ttm drm_kms_helper drm i2c_algo_bit sysimgblt sysfillrect syscopyarea ehci_hcd usbcore usb_common scsi_dh_rdac scsi_dh_emc scsi_dh_hp_sw scsi_dh_alua scsi_dh edd fan ata_piix thermal processor thermal_sys
+
+ Pid: 30431, comm: java Not tainted 3.5.1-2-default #1 Supermicro X8DTT/X8DTT
+ RIP: 0010:[<ffffffffa03789cd>]  [<ffffffffa03789cd>] nfs_lookup_revalidate+0x2d/0x480 [nfs]
+ RSP: 0018:ffff8801b418bd38  EFLAGS: 00010292
+ RAX: 00000000fffffff6 RBX: ffff88032016d800 RCX: 0000000000000020
+ RDX: ffffffff00000000 RSI: 0000000000000000 RDI: ffff8801824a7b00
+ RBP: ffff8801b418bdf8 R08: 7fffff0034323030 R09: fffffffff04c03ed
+ R10: ffff8801824a7b00 R11: 0000000000000002 R12: ffff8801824a7b00
+ R13: ffff8801824a7b00 R14: 0000000000000000 R15: ffff8803201725d0
+ FS:  00002b53a46cb700(0000) GS:ffff88033fc20000(0000) knlGS:0000000000000000
+ CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 0000000000000038 CR3: 000000020a426000 CR4: 00000000000007e0
+ DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
+ Process java (pid: 30431, threadinfo ffff8801b418a000, task ffff8801b5d20600)
+ Stack:
+  ffff8801b418be44 ffff88032016d800 ffff8801b418bdf8 0000000000000000
+  ffff8801824a7b00 ffff8801b418bdd7 ffff8803201725d0 ffffffff8116a9c0
+  ffff8801b5c38dc0 0000000000000007 ffff88032016d800 0000000000000000
+ Call Trace:
+  [<ffffffff8116a9c0>] lookup_dcache+0x80/0xe0
+  [<ffffffff8116aa43>] __lookup_hash+0x23/0x90
+  [<ffffffff8116b4a5>] lookup_one_len+0xc5/0x100
+  [<ffffffffa03869a3>] nfs_sillyrename+0xe3/0x210 [nfs]
+  [<ffffffff8116cadf>] vfs_unlink.part.25+0x7f/0xe0
+  [<ffffffff8116f22c>] do_unlinkat+0x1ac/0x1d0
+  [<ffffffff815717b9>] system_call_fastpath+0x16/0x1b
+  [<00002b5348b5f527>] 0x2b5348b5f526
+ Code: ec 38 b8 f6 ff ff ff 4c 89 64 24 18 4c 89 74 24 28 49 89 fc 48 89 5c 24 08 48 89 6c 24 10 49 89 f6 4c 89 6c 24 20 4c 89 7c 24 30 <f6> 46 38 40 0f 85 d1 00 00 00 e8 c4 c4 df e0 48 8b 58 30 49 89
+ RIP  [<ffffffffa03789cd>] nfs_lookup_revalidate+0x2d/0x480 [nfs]
+  RSP <ffff8801b418bd38>
+ CR2: 0000000000000038
+ ---[ end trace 845113ed191985dd ]---
+
+This Oops affects 3.5 kernels and older, and is due to lookup_one_len()
+calling down to the dentry revalidation code with a NULL pointer
+to struct nameidata.
+
+It is fixed upstream by commit 0b728e1911c (stop passing nameidata *
+to ->d_revalidate())
+
+Reported-by: Richard Ems <richard.ems@cape-horn-eng.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/dir.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/nfs/dir.c
++++ b/fs/nfs/dir.c
+@@ -1100,7 +1100,7 @@ static int nfs_lookup_revalidate(struct
+       struct nfs_fattr *fattr = NULL;
+       int error;
+ 
+-      if (nd->flags & LOOKUP_RCU)
++      if (nd && (nd->flags & LOOKUP_RCU))
+               return -ECHILD;
+ 
+       parent = dget_parent(dentry);
+@@ -1498,7 +1498,7 @@ static int nfs_open_revalidate(struct de
+       struct nfs_open_context *ctx;
+       int openflags, ret = 0;
+ 
+-      if (nd->flags & LOOKUP_RCU)
++      if (nd && (nd->flags & LOOKUP_RCU))
+               return -ECHILD;
+ 
+       inode = dentry->d_inode;

diff --git a/queue-3.0/series b/queue-3.0/series
index efd3c57d32cc61d905f349efdbfd9b8764c0ec37..f7ce6de7154fe9b7c6559c42607f9eae8b5cb073 100644 (file)
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -11,3 +11,4 @@ nfsv3-make-v3-mounts-fail-with-etimedouts-instead-eio-on-mountd-timeouts.patch
 nfs-show-original-device-name-verbatim-in-proc-mount-s-info.patch
 nfsv4-nfs4_locku_done-must-release-the-sequence-id.patch
 nfs-fix-bug-in-legacy-dns-resolver.patch
+nfs-fix-oopses-in-nfs_lookup_revalidate-and-nfs4_lookup_revalidate.patch