linux/fs/nfs
Marc Zyngier 31c9446993 nfs_remount oops when rebooting + possible fix
Jeff, Trond,

The commit

48b605f83c (NFS: implement option checking
when remounting NFS filesystems (resend))

generate an Oops on my platform when rebooting while its root FS on
an NFS share (NFSv3, TCP) :

Unmounting local filesystems...done.
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c3d00000
[00000000] *pgd=a3d72031, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1]
Modules linked in: cpufreq_powersave cpufreq_ondemand cpufreq_userspace cpufreq_conservative ext3 jbd sd_mod pata_pcmcia libata scsi_mod pcmcia loop firmware_class pxafb cfbcopyarea cfbimgblt cfbfillrect pxa2xx_cs pxa2xx_core pcmcia_core snd_pxa2xx_ac97 snd_ac97_codec ac97_bus snd_pxa2xx_pcm snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd isp116x_hcd soundcore rtc_sa1100 snd_page_alloc pxa25x_udc usbcore rtc_ds1307 rtc_core
CPU: 0    Not tainted  (2.6.26-03414-g33af79d-dirty #15)
PC is at nfs_remount+0x40/0x264
LR is at do_remount_sb+0x158/0x194
pc : [<c00bbf54>]    lr : [<c0076c40>]    psr: 60000013
sp : c2dd1e70  ip : c2dd1e98  fp : c2dd1e94
r10: 00000040  r9 : c3d17000  r8 : c3c3fc40
r7 : 00000000  r6 : 00000000  r5 : c3d2b200  r4 : 00000000
r3 : 00000003  r2 : 00000000  r1 : c2dd1e9c  r0 : c3c3fc00
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 0000397f  Table: a3d00000  DAC: 00000015
Process mount (pid: 1462, stack limit = 0xc2dd0270)
Stack: (0xc2dd1e70 to 0xc2dd2000)
1e60:                                     00000000 c3c3fc00 00000000 00000000
1e80: c3c3fc40 c3d17000 c2dd1ebc c2dd1e98 c0076c40 c00bbf20 c01c61e4 00000001
1ea0: c2dd1ebc 00000001 c3c3fc00 c2dd1ef0 c2dd1ee4 c2dd1ec0 c008c6d8 c0076af4
1ec0: 00000021 00000040 c2dd1ef0 c3d77000 c3eaa000 00000000 c2dd1f6c c2dd1ee8
1ee0: c008d1bc c008c5f8 00000000 c2dd0000 c3c0c320 c3805b38 c002064c 0001f820
1f00: 0001f810 00000001 00000001 00000000 c2dd0000 00000000 c2dd1f34 c2dd1f28
1f20: c005ead8 c005e6f8 c2dd1f44 c2dd1f38 c005eaf8 c005ead0 c2dd1f6c c2dd1f48
1f40: c008ae3c 00000000 c3d77000 0001f810 c0ed0021 c0020ca8 c2dd0000 00000000
1f60: c2dd1fa4 c2dd1f70 c008d2d4 c008d0bc 00000000 0001f810 c2dd1f9c c3eaa000
1f80: c3d17000 00000000 00000000 be8b6aa8 be8b6ad0 00000015 00000000 c2dd1fa8
1fa0: c0020b00 c008d254 00000000 be8b6aa8 0001f810 0001f820 0001f830 c0ed0021
1fc0: 00000000 be8b6aa8 be8b6ad0 00000015 00000000 be8b6ad0 0001f810 be8b6aa8
1fe0: 0001f810 be8b6964 0000aab8 40125124 60000010 0001f810 00000000 00000000
Backtrace:
[<c00bbf14>] (nfs_remount+0x0/0x264) from [<c0076c40>] (do_remount_sb+0x158/0x194)
  r9:c3d17000 r8:c3c3fc40 r7:00000000 r6:00000000 r5:c3c3fc00
r4:00000000
[<c0076ae8>] (do_remount_sb+0x0/0x194) from [<c008c6d8>] (do_remount+0xec/0x118)
  r6:c2dd1ef0 r5:c3c3fc00 r4:00000001
[<c008c5ec>] (do_remount+0x0/0x118) from [<c008d1bc>] (do_mount+0x10c/0x198)
[<c008d0b0>] (do_mount+0x0/0x198) from [<c008d2d4>] (sys_mount+0x8c/0xd4)
[<c008d248>] (sys_mount+0x0/0xd4) from [<c0020b00>] (ret_fast_syscall+0x0/0x2c)
  r7:00000015 r6:be8b6ad0 r5:be8b6aa8 r4:00000000
Code: 0a000086 ea000006 e3530003 8a000004 (e5923000)
---[ end trace 55e1b689cf8c8a6a ]---
------------[ cut here ]------------
WARNING: at kernel/exit.c:966 do_exit+0x3c/0x628()
Modules linked in: cpufreq_powersave cpufreq_ondemand cpufreq_userspace cpufreq_conservative ext3 jbd sd_mod pata_pcmcia libata scsi_mod pcmcia loop firmware_class pxafb cfbcopyarea cfbimgblt cfbfillrect pxa2xx_cs pxa2xx_core pcmcia_core snd_pxa2xx_ac97 snd_ac97_codec ac97_bus snd_pxa2xx_pcm snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd isp116x_hcd soundcore rtc_sa1100 snd_page_alloc pxa25x_udc usbcore rtc_ds1307 rtc_core
[<c0025168>] (dump_stack+0x0/0x14) from [<c0032154>] (warn_on_slowpath+0x4c/0x68)
[<c0032108>] (warn_on_slowpath+0x0/0x68) from [<c003531c>] (do_exit+0x3c/0x628)
  r6:0000000b r5:c3c3dc80 r4:c2dd0000
[<c00352e0>] (do_exit+0x0/0x628) from [<c0025004>] (die+0x2b0/0x30c)
[<c0024d54>] (die+0x0/0x30c) from [<c00270bc>] (__do_kernel_fault+0x6c/0x80)
[<c0027050>] (__do_kernel_fault+0x0/0x80) from [<c00272e0>] (do_page_fault+0x210/0x230)
  r7:c3fa7118 r6:c3c3dc80 r5:c3d166a8 r4:00010000
[<c00270d0>] (do_page_fault+0x0/0x230) from [<c00201ec>] (do_DataAbort+0x3c/0xa0)
[<c00201b0>] (do_DataAbort+0x0/0xa0) from [<c002064c>] (__dabt_svc+0x4c/0x60)
Exception stack(0xc2dd1e28 to 0xc2dd1e70)
1e20:                   c3c3fc00 c2dd1e9c 00000000 00000003 00000000 c3d2b200
1e40: 00000000 00000000 c3c3fc40 c3d17000 00000040 c2dd1e94 c2dd1e98 c2dd1e70
1e60: c0076c40 c00bbf54 60000013 ffffffff
  r8:c3c3fc40 r7:00000000 r6:00000000 r5:c2dd1e5c r4:ffffffff
[<c00bbf14>] (nfs_remount+0x0/0x264) from [<c0076c40>] (do_remount_sb+0x158/0x194)
  r9:c3d17000 r8:c3c3fc40 r7:00000000 r6:00000000 r5:c3c3fc00
r4:00000000
[<c0076ae8>] (do_remount_sb+0x0/0x194) from [<c008c6d8>] (do_remount+0xec/0x118)
  r6:c2dd1ef0 r5:c3c3fc00 r4:00000001
[<c008c5ec>] (do_remount+0x0/0x118) from [<c008d1bc>] (do_mount+0x10c/0x198)
[<c008d0b0>] (do_mount+0x0/0x198) from [<c008d2d4>] (sys_mount+0x8c/0xd4)
[<c008d248>] (sys_mount+0x0/0xd4) from [<c0020b00>] (ret_fast_syscall+0x0/0x2c)
  r7:00000015 r6:be8b6ad0 r5:be8b6aa8 r4:00000000
---[ end trace 55e1b689cf8c8a6a ]---
/etc/rc6.d/S60umountroot: line 17:  1462 Segmentation fault      mount $MOUNT_FORCE_OPT -n -o remount,ro -t dummytype dummydev / 2> /dev/null

The new super.c:nfs_remount function doesn't check the validity of the
options/options4 pointers. Unfortunately, this seems to happend.
The obvious patch seems to check the pointers, and not to do anything if
the happend to be NULL.

Tested on an XScale PXA255 system, latest git.

Regards,

	M.

Signed-off-by: Marc Zyngier <marc.zyngier@altran.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-07-27 18:20:41 -04:00
..
callback_proc.c nfs: replace remaining __FUNCTION__ occurrences 2008-05-16 09:43:29 -07:00
callback_xdr.c nfs: replace remaining __FUNCTION__ occurrences 2008-05-16 09:43:29 -07:00
callback.c nfs4: fix potential race with rapid nfs_callback_up/down cycle 2008-07-09 12:09:32 -04:00
callback.h NFS: Change cb_recallargs to pass "struct sockaddr *" instead of sockaddr_in 2008-01-30 02:05:55 -05:00
client.c NFS: set transport defaults after mount option parsing is finished 2008-07-09 12:09:38 -04:00
delegation.c nfs: replace remaining __FUNCTION__ occurrences 2008-05-16 09:43:29 -07:00
delegation.h NFS: Add an asynchronous delegreturn operation for use in nfs_clear_inode 2008-01-30 02:06:12 -05:00
dir.c [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
direct.c NFS: Use NFSDBG_FILE for all fops 2008-07-09 12:09:04 -04:00
file.c Merge branch 'bkl-removal' into next 2008-07-15 18:34:58 -04:00
getroot.c Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
idmap.c nfs: fix sparse warnings 2008-02-20 16:15:44 -05:00
inode.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
internal.h NFS: Ensure we zap only the access and acl caches when setting new acls 2008-07-09 12:09:19 -04:00
iostat.h NFS: Fix a warning in nfs4_async_handle_error 2008-07-09 12:09:18 -04:00
Makefile NFS: Always enable NFS direct I/O 2008-03-19 18:00:34 -04:00
mount_clnt.c NFS: Fix filehandle size comparisons in the mount code 2008-06-23 17:09:06 -04:00
namespace.c nfs: path_{get,put}() cleanups 2008-05-16 09:43:30 -07:00
nfs2xdr.c nfs: return negative error value from nfs{,4}_stat_to_errno 2008-04-19 16:54:47 -04:00
nfs3acl.c NFS: Ensure we zap only the access and acl caches when setting new acls 2008-07-09 12:09:19 -04:00
nfs3proc.c NFS: Remove the redundant file_open entry from struct nfs_rpc_ops 2008-07-09 12:09:16 -04:00
nfs3xdr.c nfs: return negative error value from nfs{,4}_stat_to_errno 2008-04-19 16:54:47 -04:00
nfs4_fs.h nfs: make nfs4_drop_state_owner() static 2008-05-16 09:43:31 -07:00
nfs4namespace.c nfs: replace remaining __FUNCTION__ occurrences 2008-05-16 09:43:29 -07:00
nfs4proc.c NFS: Remove BKL usage from open() 2008-07-15 18:10:53 -04:00
nfs4renewd.c nfs: replace remaining __FUNCTION__ occurrences 2008-05-16 09:43:29 -07:00
nfs4state.c NFSv4: Remove BKL from the nfsv4 state recovery 2008-07-15 18:10:57 -04:00
nfs4xdr.c nfs: replace remaining __FUNCTION__ occurrences 2008-05-16 09:43:29 -07:00
nfsroot.c fix fs/nfs/nfsroot.c compilation 2008-07-24 17:32:41 -07:00
pagelist.c Merge branch 'task_killable' of git://git.kernel.org/pub/scm/linux/kernel/git/willy/misc 2008-02-01 11:45:47 +11:00
proc.c NFS: Remove the redundant file_open entry from struct nfs_rpc_ops 2008-07-09 12:09:16 -04:00
read.c nfs: replace remaining __FUNCTION__ occurrences 2008-05-16 09:43:29 -07:00
super.c nfs_remount oops when rebooting + possible fix 2008-07-27 18:20:41 -04:00
symlink.c nfs: remove unnecessary NFS_NEED_* defines 2008-04-23 16:13:37 -04:00
sysctl.c [PATCH] nfs: fix congestion control 2007-03-16 19:25:05 -07:00
unlink.c SUNRPC: Add a helper rpcauth_lookup_generic_cred() 2008-03-14 13:42:49 -04:00
write.c NFS: Remove BKL requirement from attribute updates 2008-07-15 18:10:51 -04:00