linux-hardened/fs/lockd
Chuck Lever 80c30e8de4 NLM: Fix "kernel BUG at fs/lockd/host.c:417!" or ".../host.c:283!"
Nick Bowler <nbowler@elliptictech.com> reports:

> We were just having some NFS server troubles, and my client machine
> running 2.6.38-rc1+ (specifically, commit 2b1caf6ed7) crashed
> hard (syslog output appended to this mail).
>
> I'm not sure what the exact timeline was or how to reproduce this,
> but the server was rebooted during all this.  Since I've never seen
> this happen before, it is possibly a regression from previous kernel
> releases.  However, I recently updated my nfs-utils (on the client) to
> version 1.2.3, so that might be related as well.

  [ BUG output redacted ]

When done searching, the for_each_host loop in next_host_state() falls
through and returns the final host on the host chain without bumping
it's reference count.

Since the host's ref count is only one at that point, releasing the
host in nlm_host_rebooted() attempts to destroy the host prematurely,
and therefore hits a BUG().

Likely, the original intent of the for_each_host behavior in
next_host_state() was to handle the case when the host chain is empty.
Searching the chain and finding no suitable host to return needs to be
handled as well.

Defensively restructure next_host_state() always to return NULL when
the loop falls through.

Introduced by commit b10e30f6 "lockd: reorganize nlm_host_rebooted".

Cc: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2011-01-25 15:24:47 -05:00
..
clnt4xdr.c SUNRPC: New xdr_streams XDR decoder API 2010-12-16 12:37:25 -05:00
clntlock.c lockd: Create client-side nlm_host cache 2010-12-16 12:37:26 -05:00
clntproc.c lockd: Create client-side nlm_host cache 2010-12-16 12:37:26 -05:00
clntxdr.c SUNRPC: New xdr_streams XDR decoder API 2010-12-16 12:37:25 -05:00
grace.c nfsd: common grace period control 2008-10-03 16:19:02 -04:00
host.c NLM: Fix "kernel BUG at fs/lockd/host.c:417!" or ".../host.c:283!" 2011-01-25 15:24:47 -05:00
Makefile lockd: Introduce new-style XDR functions for NLMv4 2010-12-16 12:37:23 -05:00
mon.c SUNRPC: New xdr_streams XDR decoder API 2010-12-16 12:37:25 -05:00
svc.c lockd: push lock_flocks down 2010-10-27 21:39:39 +02:00
svc4proc.c lockd: Clean up nlmsvc_lookup_host() 2010-12-16 12:37:26 -05:00
svclock.c lockd: Split nlm_release_call() 2010-12-16 12:37:26 -05:00
svcproc.c lockd: Clean up nlmsvc_lookup_host() 2010-12-16 12:37:26 -05:00
svcshare.c lockd: fix sparse warning in svcshare.c 2008-04-23 16:13:39 -04:00
svcsubs.c lockd: push lock_flocks down 2010-10-27 21:39:39 +02:00
xdr.c lockd: Move nlmdbg_cookie2a() to svclock.c 2010-12-16 12:37:24 -05:00
xdr4.c lockd: Introduce new-style XDR functions for NLMv4 2010-12-16 12:37:23 -05:00