Bug 253190
Summary: | NULL pointer deref in nfs_create
---|---
Product: | Red Hat Enterprise Linux 4
Component: | kernel
Version: | 4.5
Hardware: | x86_64
OS: | Linux
Status: | CLOSED WONTFIX
Severity: | low
Priority: | low
Reporter: | Peter Zijlstra <pzijlstr>
Assignee: | Peter Zijlstra <pzijlstr>
QA Contact: | Martin Jenner <mjenner>
CC: | jlayton, lwang, rwheeler, steved
Doc Type: | Bug Fix
Last Closed: | 2012-06-20 13:32:43 UTC

Description
Peter Zijlstra
2007-08-17 12:04:27 UTC
Created attachment 161728
serial console output
Created attachment 161729
patch required for recent assembler
first patch to allow compilation on recent userspace
Created attachment 161730
second patch needed to compile on recent userspace
Compiled the kernel with NFS built in, gives:

```
Unable to handle kernel NULL pointer dereference at 0000000000000350 RIP:
<ffffffff801f343f>{nfs_create+303}

[root@taijtu linux-2.6.9]# addr2line -e vmlinux ffffffff801f343f
/home/peter/rh-cvs/kernel/RHEL-4/kernel-2.6.9/linux-2.6.9/fs/nfs/dir.c:1260
```

which is line 31 below:

```
 1 /*
 2  * Following a failed create operation, we drop the dentry rather
 3  * than retain a negative dentry. This avoids a problem in the event
 4  * that the operation succeeded on the server, but an error in the
 5  * reply path made it appear to have failed.
 6  */
 7 static int nfs_create(struct inode *dir, struct dentry *dentry, int mode,
 8 		struct nameidata *nd)
 9 {
10 	struct iattr attr;
11 	int error;
12 	int open_flags = 0;
13
14 	dfprintk(VFS, "NFS: create(%s/%ld, %s\n", dir->i_sb->s_id,
15 		dir->i_ino, dentry->d_name.name);
16
17 	attr.ia_mode = mode;
18 	attr.ia_valid = ATTR_MODE;
19
20 	if (nd && (nd->flags & LOOKUP_CREATE))
21 		open_flags = nd->intent.open.flags;
22
23 	/*
24 	 * The 0 argument passed into the create function should one day
25 	 * contain the O_EXCL flag if requested. This allows NFSv3 to
26 	 * select the appropriate create strategy. Currently open_namei
27 	 * does not pass the create flags.
28 	 */
29 	lock_kernel();
30 	nfs_begin_data_update(dir);
31 	error = NFS_PROTO(dir)->create(dir, dentry, &attr, open_flags);
32 	nfs_end_data_update(dir);
33 	if (error != 0)
34 		goto out_err;
35 	nfs_renew_times(dentry);
36 	nfs_set_verifier(dentry, nfs_save_change_attribute(dir));
37 	unlock_kernel();
38 	return 0;
39
40 out_err:
41 	unlock_kernel();
42 	d_drop(dentry);
43 	return error;
44 }
```

Strange -- it's not clear to me why mount.nfs would be attempting to stat a file on an NFS filesystem. Once the mount syscall is done, I don't think it tries to do any access on the fs...

Did this client have hierarchical mounts (an nfs mount within an nfs mount)? If so, that might explain it (since mount.nfs would try to stat the mountpoint).

So I guess you're using nfs-utils from rawhide too? If so, what version is it? There's an upstream transition to make nfs use string-based mount options. Perhaps that got enabled for this kernel somehow and it actually allowed the mount to work?

Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. Please see https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.