[PATCH] nfsd oops on alpha servers

Anne Milicia (milicia@missioncriticallinux.com)
Thu, 10 Feb 2000 14:28:17 -0500



The following change for 2.3.42 fixes an oops on alpha machines when nfsd
encounters an ESTALE file handle. The problem is that find_fh_dentry() has
declared "err" as unsigned. The macro ERR_PTR(err) fails to sign-extend
the -ESTALE being returned to fh_verify(), so the IS_ERR() macro fails to
recognize the -ESTALE and fh_verify() uses it as a dentry pointer.

The result of the problem is a file handle that looks like:

crash> nfsd_attrstat fffffc0013734820
struct nfsd_attrstat {
fh = {
fh_handle = {
fh_base = {
fb_dentry = 0xfeebbaca,
fb_ino = 1761574,
fb_dirino = 1761569,
fb_dev = 2097,
fb_xdev = 2097,
fb_xino = 2,
fb_generation = 1789922
},
fh_cookie = 0xfffffc0013734840
},
fh_dentry = 0xffffffba, <--- -ESTALE
fh_export = 0xfffffc001445e800,
fh_locked = 0
fh_dverified = 1
}
}

And an example traceback:

crash> bt
PID: 1131 TASK: fffffc0011e34000 CPU: 0 COMMAND: "nfsd"
#0 [fffffc0011e37988] crash_save_current_state at fffffc0000333a9c
#1 [fffffc0011e37998] panic at fffffc0000324718
#2 [fffffc0011e37a38] die_if_kernel at fffffc00003113d0
#3 [fffffc0011e37a68] do_page_fault at fffffc000031d550
#4 [fffffc0011e37aa8] entMM at fffffc000031055c
EFRAME: fffffc0011e37ae0 R24: fffffc000051b818
R0: 00000000ffffffba R25: 0000000000000055
R1: 0000000000000001 R26: fffffc0000397d48 <fh_verify+0x228>
R2: 0000000000000001 R27: fffffc000031bfa0
R3: fffffc0000550828 R28: 0000000000000000
R4: fffffc0013385fa0 HAE: 0000000000000000
R5: fffffc00004c9e60 TRAP_A0: 00000000ffffffc2
R6: fffffc0000621540 TRAP_A1: 0000000000000001
R7: fffffc000051b818 TRAP_A2: 0000000000000000
R8: fffffc0011e34000 PS: 0000000000000000
R19: fffffc000061db30 PC: fffffc0000397dc8 <fh_verify+0x2a8>
R20: fffffc0013384bc0 GP: fffffc0000549488
R21: fffffc0005cb6400 R16: 0000000000000000
R22: fffffc00004c9e60 R17: fffffc00004e629c
R23: 000000000000014e R18: 0000000000000607
#5 [fffffc0011e37bc8] fh_verify at fffffc0000397dc8
#6 [fffffc0011e37c18] nfsd_open at fffffc0000398dac
#7 [fffffc0011e37c48] nfsd_write at fffffc000039949c
#8 [fffffc0011e37d68] nfsd_proc_write at fffffc0000395fcc
#9 [fffffc0011e37d88] nfsd_dispatch at fffffc00003952a8
#10 [fffffc0011e37db8] svc_process at fffffc000040bbac
#11 [fffffc0011e37e08] nfsd at fffffc0000394fbc
#12 [fffffc0011e37e48] kernel_thread at fffffc00003107f0

Thanks,
Anne Milicia milicia@missioncriticallinux.com
http://www.missioncriticallinux.com

diff -u linux-2.3.42/fs/nfsd/nfsfh.c.orig linux-2.3.42/fs/nfsd/nfsfh.c
--- linux-2.3.42/fs/nfsd/nfsfh.c.orig Thu Feb 10 10:06:53 2000
+++ linux-2.3.42/fs/nfsd/nfsfh.c Thu Feb 10 10:07:23 2000
@@ -301,7 +301,7 @@
struct dentry *dentry, *result = NULL;
struct dentry *tmp;
int found =0;
- u32 err;
+ int err;
/* This semaphore is needed to make sure that only one
unconnected (free)
* dcache path ever exists, as otherwise two partial paths might
get
* joined together, which would be very confusing.
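Review bot: The new `int err;` declaration carries no comment saying why it has to be signed, so a later cleanup could switch it back to a fixed-width unsigned type and bring the fault back; a comment on the declaration such as `int err; /* must be signed: handed to ERR_PTR(), and IS_ERR() only matches a sign-extended value on 64-bit */` would record that. Per the description the bad value reaches fh_verify() as a dentry pointer whenever nfsd meets a stale file handle, and since file handles arrive from NFS clients this looks like a client-triggerable server crash, so the fix deserves to be tracked as a denial-of-service fix rather than an alpha-only cleanup. It would also be worth checking the rest of fs/nfsd for other unsigned locals that end up in ERR_PTR(); none can be seen here, because find_fh_dentry()'s body starts and ends outside the hunk. The same hunk is repeated in the HTML part of the message further down the page, and this note applies there unchanged.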

The following change for 2.3.42 fixes an oops on alpha machines when nfsd
encounters an ESTALE file handle.  The problem is that find_fh_dentry() has
declared "err" as unsigned.  The macro ERR_PTR(err) fails to sign extend
the -ESTALE being returned to fh_verify(), so the IS_ERR() macro fails to
recognize the -ESTALE and fh_verify() uses it as a dentry pointer.

The result of the problem is a file handle that looks like:

crash> nfsd_attrstat fffffc0013734820
struct nfsd_attrstat {
  fh = {
    fh_handle = {
      fh_base = {
        fb_dentry = 0xfeebbaca,
        fb_ino = 1761574,
        fb_dirino = 1761569,
        fb_dev = 2097,
        fb_xdev = 2097,
        fb_xino = 2,
        fb_generation = 1789922
      },
      fh_cookie = 0xfffffc0013734840
    },
    fh_dentry = 0xffffffba,                  <--- -ESTALE
    fh_export = 0xfffffc001445e800,
    fh_locked = 0
    fh_dverified = 1
  }
}

And an example traceback:

crash> bt
PID: 1131  TASK: fffffc0011e34000  CPU: 0  COMMAND: "nfsd"
 #0 [fffffc0011e37988] crash_save_current_state at fffffc0000333a9c
 #1 [fffffc0011e37998] panic at fffffc0000324718
 #2 [fffffc0011e37a38] die_if_kernel at fffffc00003113d0
 #3 [fffffc0011e37a68] do_page_fault at fffffc000031d550
 #4 [fffffc0011e37aa8] entMM at fffffc000031055c
 EFRAME: fffffc0011e37ae0      R24: fffffc000051b818
     R0: 00000000ffffffba      R25: 0000000000000055
     R1: 0000000000000001      R26: fffffc0000397d48  <fh_verify+0x228>
     R2: 0000000000000001      R27: fffffc000031bfa0
     R3: fffffc0000550828      R28: 0000000000000000
     R4: fffffc0013385fa0      HAE: 0000000000000000
     R5: fffffc00004c9e60  TRAP_A0: 00000000ffffffc2
     R6: fffffc0000621540  TRAP_A1: 0000000000000001
     R7: fffffc000051b818  TRAP_A2: 0000000000000000
     R8: fffffc0011e34000       PS: 0000000000000000
    R19: fffffc000061db30       PC: fffffc0000397dc8  <fh_verify+0x2a8>
    R20: fffffc0013384bc0       GP: fffffc0000549488
    R21: fffffc0005cb6400      R16: 0000000000000000
    R22: fffffc00004c9e60      R17: fffffc00004e629c
    R23: 000000000000014e      R18: 0000000000000607
 #5 [fffffc0011e37bc8] fh_verify at fffffc0000397dc8
 #6 [fffffc0011e37c18] nfsd_open at fffffc0000398dac
 #7 [fffffc0011e37c48] nfsd_write at fffffc000039949c
 #8 [fffffc0011e37d68] nfsd_proc_write at fffffc0000395fcc
 #9 [fffffc0011e37d88] nfsd_dispatch at fffffc00003952a8
#10 [fffffc0011e37db8] svc_process at fffffc000040bbac
#11 [fffffc0011e37e08] nfsd at fffffc0000394fbc
#12 [fffffc0011e37e48] kernel_thread at fffffc00003107f0

Thanks,
Anne Milicia  milicia@missioncriticallinux.com
http://www.missioncriticallinux.com

diff -u linux-2.3.42/fs/nfsd/nfsfh.c.orig linux-2.3.42/fs/nfsd/nfsfh.c
--- linux-2.3.42/fs/nfsd/nfsfh.c.orig   Thu Feb 10 10:06:53 2000
+++ linux-2.3.42/fs/nfsd/nfsfh.c        Thu Feb 10 10:07:23 2000
@@ -301,7 +301,7 @@
        struct dentry *dentry, *result = NULL;
        struct dentry *tmp;
        int  found =0;
-       u32 err;
+       int err;
        /* This semaphore is needed to make sure that only one unconnected (free)
         * dcache path ever exists, as otherwise two partial paths might get
         * joined together, which would be very confusing. --------------E065957BA476FDB372D22BB3-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/