From: Greg Kroah-Hartman Date: Mon, 5 Nov 2012 15:39:08 +0000 (+0100) Subject: 3.0-stable patches X-Git-Tag: v3.0.52~31 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4b023e03dedfca0c6d5b3c06210691b2be7756bd;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: nfs-fix-oopses-in-nfs_lookup_revalidate-and-nfs4_lookup_revalidate.patch --- diff --git a/queue-3.0/nfs-fix-oopses-in-nfs_lookup_revalidate-and-nfs4_lookup_revalidate.patch b/queue-3.0/nfs-fix-oopses-in-nfs_lookup_revalidate-and-nfs4_lookup_revalidate.patch new file mode 100644 index 00000000000..d9e59714c22 --- /dev/null +++ b/queue-3.0/nfs-fix-oopses-in-nfs_lookup_revalidate-and-nfs4_lookup_revalidate.patch @@ -0,0 +1,87 @@ +From 19fa18a644a6303d49295d921e651b7e19a3a75f Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Wed, 22 Aug 2012 16:08:17 -0400 +Subject: NFS: Fix Oopses in nfs_lookup_revalidate and nfs4_lookup_revalidate + +From: Trond Myklebust + +[Fixed upstream as part of 0b728e1911c, but that's a much larger patch, +this is only the nfs portion backported as needed.] + +Fix the following Oops in 3.5.1: + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000038 + IP: [] nfs_lookup_revalidate+0x2d/0x480 [nfs] + PGD 337c63067 PUD 0 + Oops: 0000 [#1] SMP + CPU 5 + Modules linked in: nfs fscache nfsd lockd nfs_acl auth_rpcgss sunrpc af_packet binfmt_misc cpufreq_conservative cpufreq_userspace cpufreq_powersave dm_mod acpi_cpufreq mperf coretemp gpio_ich kvm_intel joydev kvm ioatdma hid_generic igb lpc_ich i7core_edac edac_core ptp serio_raw dca pcspkr i2c_i801 mfd_core sg pps_core usbhid crc32c_intel microcode button autofs4 uhci_hcd ttm drm_kms_helper drm i2c_algo_bit sysimgblt sysfillrect syscopyarea ehci_hcd usbcore usb_common scsi_dh_rdac scsi_dh_emc scsi_dh_hp_sw scsi_dh_alua scsi_dh edd fan ata_piix thermal processor thermal_sys + + Pid: 30431, comm: java Not tainted 3.5.1-2-default #1 Supermicro X8DTT/X8DTT + RIP: 0010:[] [] nfs_lookup_revalidate+0x2d/0x480 [nfs] + RSP: 0018:ffff8801b418bd38 EFLAGS: 00010292 + RAX: 00000000fffffff6 RBX: ffff88032016d800 RCX: 0000000000000020 + RDX: ffffffff00000000 RSI: 0000000000000000 RDI: ffff8801824a7b00 + RBP: ffff8801b418bdf8 R08: 7fffff0034323030 R09: fffffffff04c03ed + R10: ffff8801824a7b00 R11: 0000000000000002 R12: ffff8801824a7b00 + R13: ffff8801824a7b00 R14: 0000000000000000 R15: ffff8803201725d0 + FS: 00002b53a46cb700(0000) GS:ffff88033fc20000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000038 CR3: 000000020a426000 CR4: 00000000000007e0 + DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 + Process java (pid: 30431, threadinfo ffff8801b418a000, task ffff8801b5d20600) + Stack: + ffff8801b418be44 ffff88032016d800 ffff8801b418bdf8 0000000000000000 + ffff8801824a7b00 ffff8801b418bdd7 ffff8803201725d0 ffffffff8116a9c0 + ffff8801b5c38dc0 0000000000000007 ffff88032016d800 0000000000000000 + Call Trace: + [] lookup_dcache+0x80/0xe0 + [] __lookup_hash+0x23/0x90 + [] lookup_one_len+0xc5/0x100 + [] nfs_sillyrename+0xe3/0x210 [nfs] + [] vfs_unlink.part.25+0x7f/0xe0 + [] do_unlinkat+0x1ac/0x1d0 + [] system_call_fastpath+0x16/0x1b + [<00002b5348b5f527>] 0x2b5348b5f526 + Code: ec 38 b8 f6 ff ff ff 4c 89 64 24 18 4c 89 74 24 28 49 89 fc 48 89 5c 24 08 48 89 6c 24 10 49 89 f6 4c 89 6c 24 20 4c 89 7c 24 30 46 38 40 0f 85 d1 00 00 00 e8 c4 c4 df e0 48 8b 58 30 49 89 + RIP [] nfs_lookup_revalidate+0x2d/0x480 [nfs] + RSP + CR2: 0000000000000038 + ---[ end trace 845113ed191985dd ]--- + +This Oops affects 3.5 kernels and older, and is due to lookup_one_len() +calling down to the dentry revalidation code with a NULL pointer +to struct nameidata. + +It is fixed upstream by commit 0b728e1911c (stop passing nameidata * +to ->d_revalidate()) + +Reported-by: Richard Ems +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/dir.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/nfs/dir.c ++++ b/fs/nfs/dir.c +@@ -1100,7 +1100,7 @@ static int nfs_lookup_revalidate(struct + struct nfs_fattr *fattr = NULL; + int error; + +- if (nd->flags & LOOKUP_RCU) ++ if (nd && (nd->flags & LOOKUP_RCU)) + return -ECHILD; + + parent = dget_parent(dentry); +@@ -1498,7 +1498,7 @@ static int nfs_open_revalidate(struct de + struct nfs_open_context *ctx; + int openflags, ret = 0; + +- if (nd->flags & LOOKUP_RCU) ++ if (nd && (nd->flags & LOOKUP_RCU)) + return -ECHILD; + + inode = dentry->d_inode; diff --git a/queue-3.0/series b/queue-3.0/series index efd3c57d32c..f7ce6de7154 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -11,3 +11,4 @@ nfsv3-make-v3-mounts-fail-with-etimedouts-instead-eio-on-mountd-timeouts.patch nfs-show-original-device-name-verbatim-in-proc-mount-s-info.patch nfsv4-nfs4_locku_done-must-release-the-sequence-id.patch nfs-fix-bug-in-legacy-dns-resolver.patch +nfs-fix-oopses-in-nfs_lookup_revalidate-and-nfs4_lookup_revalidate.patch