kernel BUG at fs/nfs/namespace.c:108! - can be triggered by bad server
Hi Trond, I have discovered that the BUG_ON in nfs_follow_mountpoint: BUG_ON(IS_ROOT(dentry)); can be triggered by a misbehaving server. What happens is the client does a lookup and discoveres that the named directory has a different fsid, so it initiates a mount. It then performs a GETATTR on the mounted directory and gets a different fsid again (due to a bug in the NFS server). This causes nfs_follow_mountpoint to be called on the newly mounted root, which triggers the BUG_ON. To duplicate this, have a directory which contains some mountpoints, and export that directory with the "crossmnt" flag using nfs-utils 1.1.1 (or 1.1.0 I think) The GETATTR on the root of the mounted filesystem will return the information for the top exportpoint, while a lookup will return the correct information. This difference causes the NFS client to BUG. I think the best way to fix this is to trap this possibility early, so just before completing the mount in the NFS client, check that it isn't going to use nfs_mountpoint_inode_operations. As long as i_op will never change once set (is that true?), this should be adequately safe. The following patch shows a possible approach, and it works for me. i.e. when the NFS server is misbehaving, I get ESTALE on those mountpoints, while when the NFS server is working correctly, I get correct behaviour on the client. NeilBrown Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
parent
eda4f9b799
commit
4c1fe2f78a
1 changed files with 5 additions and 0 deletions
|
@ -1474,6 +1474,11 @@ static int nfs_xdev_get_sb(struct file_system_type *fs_type, int flags,
|
|||
error = PTR_ERR(mntroot);
|
||||
goto error_splat_super;
|
||||
}
|
||||
if (mntroot->d_inode->i_op != &nfs_dir_inode_operations) {
|
||||
dput(mntroot);
|
||||
error = -ESTALE;
|
||||
goto error_splat_super;
|
||||
}
|
||||
|
||||
s->s_flags |= MS_ACTIVE;
|
||||
mnt->mnt_sb = s;
|
||||
|
|
Loading…
Reference in a new issue