github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
4e16957a4c
linux/net
History
Trond Myklebust 2193d2c2d0 SUNRPC: After calling xprt_release(), we must restart from call_reserve 
commit 118df3d17f upstream.

Rob Leslie reports seeing the following Oops after his Kerberos session
expired.

BUG: unable to handle kernel NULL pointer dereference at 00000058
IP: [<e186ed94>] rpcauth_refreshcred+0x11/0x12c [sunrpc]
*pde = 00000000
Oops: 0000 [#1]
last sysfs file: /sys/devices/platform/pc87360.26144/temp3_input
Modules linked in: autofs4 authenc esp4 xfrm4_mode_transport ipt_LOG ipt_REJECT xt_limit xt_state ipt_REDIRECT xt_owner xt_HL xt_hl xt_tcpudp xt_mark cls_u32 cls_tcindex sch_sfq sch_htb sch_dsmark geodewdt deflate ctr twofish_generic twofish_i586 twofish_common camellia serpent blowfish cast5 cbc xcbc rmd160 sha512_generic sha1_generic hmac crypto_null af_key rpcsec_gss_krb5 nfsd exportfs nfs lockd fscache nfs_acl auth_rpcgss sunrpc ip_gre sit tunnel4 dummy ext3 jbd nf_nat_irc nf_conntrack_irc nf_nat_ftp nf_conntrack_ftp iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_filter ip_tables x_tables pc8736x_gpio nsc_gpio pc87360 hwmon_vid loop aes_i586 aes_generic sha256_generic dm_crypt cs5535_gpio serio_raw cs5535_mfgpt hifn_795x des_generic geode_rng rng_core led_class ext4 mbcache jbd2 crc16 dm_mirror dm_region_hash dm_log dm_snapshot dm_mod sd_mod crc_t10dif ide_pci_generic cs5536 amd74xx ide_core pata_cs5536 ata_generic libata usb_storage via_rhine mii scsi_mod btrfs zlib_deflate crc32c libcrc32c [last unloaded: scsi_wait_scan]

Pid: 12875, comm: sudo Not tainted 2.6.36-net5501 #1 /
EIP: 0060:[<e186ed94>] EFLAGS: 00010292 CPU: 0
EIP is at rpcauth_refreshcred+0x11/0x12c [sunrpc]
EAX: 00000000 EBX: defb13a0 ECX: 00000006 EDX: e18683b8
ESI: defb13a0 EDI: 00000000 EBP: 00000000 ESP: de571d58
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process sudo (pid: 12875, ti=de570000 task=decd1430 task.ti=de570000)
Stack:
 e186e008 00000000 defb13a0 0000000d deda6000 e1868f22 e196f12b defb13a0
<0> defb13d8 00000000 00000000 e186e0aa 00000000 defb13a0 de571dac 00000000
<0> e186956c de571e34 debea5c0 de571dc8 e186967a 00000000 debea5c0 de571e34
Call Trace:
 [<e186e008>] ? rpc_wake_up_next+0x114/0x11b [sunrpc]
 [<e1868f22>] ? call_decode+0x24a/0x5af [sunrpc]
 [<e196f12b>] ? nfs4_xdr_dec_access+0x0/0xa2 [nfs]
 [<e186e0aa>] ? __rpc_execute+0x62/0x17b [sunrpc]
 [<e186956c>] ? rpc_run_task+0x91/0x97 [sunrpc]
 [<e186967a>] ? rpc_call_sync+0x40/0x5b [sunrpc]
 [<e1969ca2>] ? nfs4_proc_access+0x10a/0x176 [nfs]
 [<e19572fa>] ? nfs_do_access+0x2b1/0x2c0 [nfs]
 [<e186ed61>] ? rpcauth_lookupcred+0x62/0x84 [sunrpc]
 [<e19573b6>] ? nfs_permission+0xad/0x13b [nfs]
 [<c0177824>] ? exec_permission+0x15/0x4b
 [<c0177fbd>] ? link_path_walk+0x4f/0x456
 [<c017867d>] ? path_walk+0x4c/0xa8
 [<c0179678>] ? do_path_lookup+0x1f/0x68
 [<c017a3fb>] ? user_path_at+0x37/0x5f
 [<c016359c>] ? handle_mm_fault+0x229/0x55b
 [<c0170a2d>] ? sys_faccessat+0x93/0x146
 [<c0170aef>] ? sys_access+0xf/0x13
 [<c02cf615>] ? syscall_call+0x7/0xb
Code: 0f 94 c2 84 d2 74 09 8b 44 24 0c e8 6a e9 8b de 83 c4 14 89 d8 5b 5e 5f 5d c3 55 57 56 53 83 ec 1c fc 89 c6 8b 40 10 89 44 24 04 <8b> 58 58 85 db 0f 85 d4 00 00 00 0f b7 46 70 8b 56 20 89 c5 83
EIP: [<e186ed94>] rpcauth_refreshcred+0x11/0x12c [sunrpc] SS:ESP 0068:de571d58
CR2: 0000000000000058

This appears to be caused by the function rpc_verify_header() first
calling xprt_release(), then doing a call_refresh. If we release the
transport slot, we should _always_ jump back to call_reserve before
calling anything else.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-12-09 13:32:18 -08:00
..
9p Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-28 12:01:26 -07:00
802 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
8021q vlan: dont drop packets from unknown vlans in promiscuous mode 2010-09-30 18:04:21 -07:00
appletalk Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
atm ATM: mpc, fix use after free 2010-10-11 11:05:42 -07:00
ax25 ax25: missplaced sock_put(sk) 2010-08-26 15:18:27 -07:00
bluetooth Bluetooth: fix oops in l2cap_connect_req 2010-11-22 11:03:01 -08:00
bridge bridge: Clear INET control block of SKBs passed into ip_fragment(). 2010-09-01 19:17:34 -07:00
caif caif: fix two caif_connect() bugs 2010-10-05 20:35:53 -07:00
can can: add limit for nframes and clean up signed/unsigned variables 2010-08-11 16:12:35 -07:00
core net: clear heap allocations for privileged ethtool actions 2010-10-11 12:23:25 -07:00
dcb include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dccp net: dccp: fix sign bug 2010-07-18 15:07:14 -07:00
decnet net-next: remove useless union keyword 2010-06-10 23:31:35 -07:00
dns_resolver DNS: If the DNS server returns an error, allow that to be cached [ver #2] 2010-08-11 17:11:28 +00:00
dsa phylib: available for any speed ethernet 2010-08-11 23:03:50 -07:00
econet econet: fix locking 2010-06-11 18:37:08 -07:00
ethernet Net: ethernet: pe2.c: fix EXPORT_SYMBOL macro code style issue 2010-07-14 18:27:09 -07:00
ieee802154 ieee802154: Fix possible NULL pointer dereference in wpan_phy_alloc 2010-05-23 23:11:07 -07:00
ipv4 ipv4: correct IGMP behavior on v3 query during v2-compatibility mode 2010-10-03 21:58:47 -07:00
ipv6 net: Fix IPv6 PMTU disc. w/ asymmetric routes 2010-10-03 14:49:00 -07:00
ipx include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
irda irda: Fix heap memory corruption in iriap.c 2010-12-09 13:31:56 -08:00
iucv net: use __packed annotation 2010-06-03 03:21:52 -07:00
key pfkey: add severity to printk 2010-05-17 23:23:13 -07:00
l2tp l2tp: test for ethernet header in l2tp_eth_dev_recv() 2010-08-26 13:29:38 -07:00
lapb include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
llc net/llc: storing negative error codes in unsigned short 2010-09-16 22:38:23 -07:00
mac80211 mac80211: don't sanitize invalid rates 2010-12-09 13:32:13 -08:00
netfilter secmark: do not return early if there was no error 2010-11-22 11:03:17 -08:00
netlabel net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
netlink netlink: Make NETLINK_USERSOCK work again. 2010-08-31 09:51:37 -07:00
netrom net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
packet packet_mmap: expose hw packet timestamps to network packet capture utilities 2010-06-02 05:53:56 -07:00
phonet Phonet: Correct header retrieval after pskb_may_pull 2010-09-29 19:41:04 -07:00
rds De-pessimize rds_page_copy_user 2010-10-15 11:09:28 -07:00
rfkill Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
rose rose: Fix signedness issues wrt. digi count. 2010-09-20 15:40:35 -07:00
rxrpc Add a dummy printk function for the maintenance of unused printks 2010-08-12 09:51:35 -07:00
sched cls_u32: signedness bug 2010-10-05 00:40:39 -07:00
sctp sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() 2010-10-03 21:58:49 -07:00
sunrpc SUNRPC: After calling xprt_release(), we must restart from call_reserve 2010-12-09 13:32:18 -08:00
tipc tipc: Reduce footprint by un-inlining tipc_msg_* routines 2010-05-12 23:02:29 -07:00
unix UNIX: Do not loop forever at unix_autobind(). 2010-09-07 13:57:23 -07:00
wanrouter net: autoconvert trivial BKL users to private mutex 2010-07-12 20:21:47 -07:00
wimax Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
wireless cfg80211: fix regression on processing country IEs 2010-12-09 13:32:07 -08:00
x25 X25: Remove bkl in sockopts 2010-05-17 17:39:28 -07:00
xfrm xfrm: Allow different selector family in temporary state 2010-09-20 11:11:38 -07:00
compat.c From abbffa2aa9bd6f8df16d0d0a102af677510d8b9a Mon Sep 17 00:00:00 2001 2010-06-03 20:03:40 -07:00
Kconfig net: RPS needs to depend upon USE_GENERIC_SMP_HELPERS 2010-09-14 21:42:22 -07:00
Makefile DNS: Separate out CIFS DNS Resolver code 2010-08-05 17:17:51 +00:00
nonet.c
socket.c net: support time stamping in phy devices. 2010-07-18 19:15:26 -07:00
sysctl_net.c net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
TUNABLE