[PATCH] nfsd oops on alpha servers

From: Anne Milicia (milicia@missioncriticallinux.com)
Date: Thu Feb 10 2000 - 14:28:17 EST


The following change for 2.3.42 fixes an oops on alpha machines when
nfsd encounters an ESTALE file handle. The problem is that
find_fh_dentry() has declared "err" as unsigned. The macro ERR_PTR(err)
fails to sign extend the -ESTALE being returned to fh_verify(), so the
IS_ERR() macro fails to recognize the -ESTALE and fh_verify() uses it
as a dentry pointer.

The result of the problem is a file handle that looks like:

crash> nfsd_attrstat fffffc0013734820
struct nfsd_attrstat {
  fh = {
    fh_handle = {
      fh_base = {
        fb_dentry = 0xfeebbaca,
        fb_ino = 1761574,
        fb_dirino = 1761569,
        fb_dev = 2097,
        fb_xdev = 2097,
        fb_xino = 2,
        fb_generation = 1789922
      },
      fh_cookie = 0xfffffc0013734840
    },
    fh_dentry = 0xffffffba, <--- -ESTALE
    fh_export = 0xfffffc001445e800,
    fh_locked = 0
    fh_dverified = 1
  }
}

And an example traceback:

crash> bt
PID: 1131 TASK: fffffc0011e34000 CPU: 0 COMMAND: "nfsd"
 #0 [fffffc0011e37988] crash_save_current_state at fffffc0000333a9c
 #1 [fffffc0011e37998] panic at fffffc0000324718
 #2 [fffffc0011e37a38] die_if_kernel at fffffc00003113d0
 #3 [fffffc0011e37a68] do_page_fault at fffffc000031d550
 #4 [fffffc0011e37aa8] entMM at fffffc000031055c
 EFRAME: fffffc0011e37ae0 R24: fffffc000051b818
     R0: 00000000ffffffba R25: 0000000000000055
     R1: 0000000000000001 R26: fffffc0000397d48 <fh_verify+0x228>
     R2: 0000000000000001 R27: fffffc000031bfa0
     R3: fffffc0000550828 R28: 0000000000000000
     R4: fffffc0013385fa0 HAE: 0000000000000000
     R5: fffffc00004c9e60 TRAP_A0: 00000000ffffffc2
     R6: fffffc0000621540 TRAP_A1: 0000000000000001
     R7: fffffc000051b818 TRAP_A2: 0000000000000000
     R8: fffffc0011e34000 PS: 0000000000000000
    R19: fffffc000061db30 PC: fffffc0000397dc8 <fh_verify+0x2a8>
    R20: fffffc0013384bc0 GP: fffffc0000549488
    R21: fffffc0005cb6400 R16: 0000000000000000
    R22: fffffc00004c9e60 R17: fffffc00004e629c
    R23: 000000000000014e R18: 0000000000000607
 #5 [fffffc0011e37bc8] fh_verify at fffffc0000397dc8
 #6 [fffffc0011e37c18] nfsd_open at fffffc0000398dac
 #7 [fffffc0011e37c48] nfsd_write at fffffc000039949c
 #8 [fffffc0011e37d68] nfsd_proc_write at fffffc0000395fcc
 #9 [fffffc0011e37d88] nfsd_dispatch at fffffc00003952a8
#10 [fffffc0011e37db8] svc_process at fffffc000040bbac
#11 [fffffc0011e37e08] nfsd at fffffc0000394fbc
#12 [fffffc0011e37e48] kernel_thread at fffffc00003107f0

Thanks,
Anne Milicia milicia@missioncriticallinux.com
http://www.missioncriticallinux.com

diff -u linux-2.3.42/fs/nfsd/nfsfh.c.orig linux-2.3.42/fs/nfsd/nfsfh.c
--- linux-2.3.42/fs/nfsd/nfsfh.c.orig Thu Feb 10 10:06:53 2000
+++ linux-2.3.42/fs/nfsd/nfsfh.c Thu Feb 10 10:07:23 2000
@@ -301,7 +301,7 @@
        struct dentry *dentry, *result = NULL;
        struct dentry *tmp;
        int found =0;
- u32 err;
+ int err;
        /* This semaphore is needed to make sure that only one
unconnected (free)
         * dcache path ever exists, as otherwise two partial paths might
get
         * joined together, which would be very confusing.
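
Review bot: The context lines after "+ int err;" are wrapped by the mailer ("unconnected (free)" and "get" sit on lines of their own) and the -/+ lines do not carry the indentation the context lines have, so this hunk will not apply as posted; please resend it unwrapped or as an attachment. It would also help to add a one-line comment at the declaration saying that err is handed to ERR_PTR() and must stay a signed type, so that it is not turned back into u32 later.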

This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:18 EST
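
The sign-extension failure described in the message above, as an added C example that is not part of the original post or of the kernel source. The helpers err_ptr() and is_err() are stand-ins modelled on ERR_PTR() and IS_ERR(), the 1000-entry error window and all function names are assumptions, and ESTALE is taken as 70 because the dump shows -ESTALE as 0xffffffba.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: 64-bit long and 64-bit pointers, as on alpha. */
#define ESTALE_ALPHA 70   /* 0xffffffba in the dump above is -70 */
#define ERR_RANGE 1000    /* assumed size of the error-pointer window */

/* Stand-in for ERR_PTR(): the argument is a signed 64-bit long. */
static uint64_t err_ptr(int64_t error) { return (uint64_t)error; }

/* Stand-in for IS_ERR(): only the top ERR_RANGE addresses are errors. */
static int is_err(uint64_t ptr) { return ptr > (uint64_t)-(int64_t)ERR_RANGE; }

/* Before the patch: "u32 err" is zero-extended when widened to long. */
static uint64_t ret_with_u32_err(void)
{
    uint32_t err = (uint32_t)-ESTALE_ALPHA;   /* 0xffffffba */
    return err_ptr(err);                      /* 0x00000000ffffffba */
}

/* After the patch: "int err" is sign-extended when widened to long. */
static uint64_t ret_with_int_err(void)
{
    int err = -ESTALE_ALPHA;
    return err_ptr(err);                      /* 0xffffffffffffffba */
}

/* Stand-in for the caller's check: 1 = error caught, 0 = used as dentry. */
static int caller_sees_error(uint64_t dentry) { return is_err(dentry); }

int main(void)
{
    uint64_t before = ret_with_u32_err(), after = ret_with_int_err();

    printf("u32 err: %016llx caught=%d\n",
           (unsigned long long)before, caller_sees_error(before));
    printf("int err: %016llx caught=%d\n",
           (unsigned long long)after, caller_sees_error(after));
    return 0;
}
```

The value produced by the u32 variant is the same 00000000ffffffba that appears in R0 in the traceback.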