aha/fs
Marc Zyngier 31c9446993 nfs_remount oops when rebooting + possible fix
Jeff, Trond,

The commit

48b605f83c (NFS: implement option checking
when remounting NFS filesystems (resend))

generates an Oops on my platform when rebooting while its root FS is on
an NFS share (NFSv3, TCP):

Unmounting local filesystems...done.
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c3d00000
[00000000] *pgd=a3d72031, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1]
Modules linked in: cpufreq_powersave cpufreq_ondemand cpufreq_userspace cpufreq_conservative ext3 jbd sd_mod pata_pcmcia libata scsi_mod pcmcia loop firmware_class pxafb cfbcopyarea cfbimgblt cfbfillrect pxa2xx_cs pxa2xx_core pcmcia_core snd_pxa2xx_ac97 snd_ac97_codec ac97_bus snd_pxa2xx_pcm snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd isp116x_hcd soundcore rtc_sa1100 snd_page_alloc pxa25x_udc usbcore rtc_ds1307 rtc_core
CPU: 0    Not tainted  (2.6.26-03414-g33af79d-dirty #15)
PC is at nfs_remount+0x40/0x264
LR is at do_remount_sb+0x158/0x194
pc : [<c00bbf54>]    lr : [<c0076c40>]    psr: 60000013
sp : c2dd1e70  ip : c2dd1e98  fp : c2dd1e94
r10: 00000040  r9 : c3d17000  r8 : c3c3fc40
r7 : 00000000  r6 : 00000000  r5 : c3d2b200  r4 : 00000000
r3 : 00000003  r2 : 00000000  r1 : c2dd1e9c  r0 : c3c3fc00
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 0000397f  Table: a3d00000  DAC: 00000015
Process mount (pid: 1462, stack limit = 0xc2dd0270)
Stack: (0xc2dd1e70 to 0xc2dd2000)
Backtrace:
[<c00bbf14>] (nfs_remount+0x0/0x264) from [<c0076c40>] (do_remount_sb+0x158/0x194)
  r9:c3d17000 r8:c3c3fc40 r7:00000000 r6:00000000 r5:c3c3fc00
r4:00000000
[<c0076ae8>] (do_remount_sb+0x0/0x194) from [<c008c6d8>] (do_remount+0xec/0x118)
  r6:c2dd1ef0 r5:c3c3fc00 r4:00000001
[<c008c5ec>] (do_remount+0x0/0x118) from [<c008d1bc>] (do_mount+0x10c/0x198)
[<c008d0b0>] (do_mount+0x0/0x198) from [<c008d2d4>] (sys_mount+0x8c/0xd4)
[<c008d248>] (sys_mount+0x0/0xd4) from [<c0020b00>] (ret_fast_syscall+0x0/0x2c)
  r7:00000015 r6:be8b6ad0 r5:be8b6aa8 r4:00000000
Code: 0a000086 ea000006 e3530003 8a000004 (e5923000)
---[ end trace 55e1b689cf8c8a6a ]---
------------[ cut here ]------------
WARNING: at kernel/exit.c:966 do_exit+0x3c/0x628()
Modules linked in: cpufreq_powersave cpufreq_ondemand cpufreq_userspace cpufreq_conservative ext3 jbd sd_mod pata_pcmcia libata scsi_mod pcmcia loop firmware_class pxafb cfbcopyarea cfbimgblt cfbfillrect pxa2xx_cs pxa2xx_core pcmcia_core snd_pxa2xx_ac97 snd_ac97_codec ac97_bus snd_pxa2xx_pcm snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd isp116x_hcd soundcore rtc_sa1100 snd_page_alloc pxa25x_udc usbcore rtc_ds1307 rtc_core
[<c0025168>] (dump_stack+0x0/0x14) from [<c0032154>] (warn_on_slowpath+0x4c/0x68)
[<c0032108>] (warn_on_slowpath+0x0/0x68) from [<c003531c>] (do_exit+0x3c/0x628)
  r6:0000000b r5:c3c3dc80 r4:c2dd0000
[<c00352e0>] (do_exit+0x0/0x628) from [<c0025004>] (die+0x2b0/0x30c)
[<c0024d54>] (die+0x0/0x30c) from [<c00270bc>] (__do_kernel_fault+0x6c/0x80)
[<c0027050>] (__do_kernel_fault+0x0/0x80) from [<c00272e0>] (do_page_fault+0x210/0x230)
  r7:c3fa7118 r6:c3c3dc80 r5:c3d166a8 r4:00010000
[<c00270d0>] (do_page_fault+0x0/0x230) from [<c00201ec>] (do_DataAbort+0x3c/0xa0)
[<c00201b0>] (do_DataAbort+0x0/0xa0) from [<c002064c>] (__dabt_svc+0x4c/0x60)
Exception stack(0xc2dd1e28 to 0xc2dd1e70)
1e20:                   c3c3fc00 c2dd1e9c 00000000 00000003 00000000 c3d2b200
1e40: 00000000 00000000 c3c3fc40 c3d17000 00000040 c2dd1e94 c2dd1e98 c2dd1e70
1e60: c0076c40 c00bbf54 60000013 ffffffff
  r8:c3c3fc40 r7:00000000 r6:00000000 r5:c2dd1e5c r4:ffffffff
[<c00bbf14>] (nfs_remount+0x0/0x264) from [<c0076c40>] (do_remount_sb+0x158/0x194)
  r9:c3d17000 r8:c3c3fc40 r7:00000000 r6:00000000 r5:c3c3fc00
r4:00000000
[<c0076ae8>] (do_remount_sb+0x0/0x194) from [<c008c6d8>] (do_remount+0xec/0x118)
  r6:c2dd1ef0 r5:c3c3fc00 r4:00000001
[<c008c5ec>] (do_remount+0x0/0x118) from [<c008d1bc>] (do_mount+0x10c/0x198)
[<c008d0b0>] (do_mount+0x0/0x198) from [<c008d2d4>] (sys_mount+0x8c/0xd4)
[<c008d248>] (sys_mount+0x0/0xd4) from [<c0020b00>] (ret_fast_syscall+0x0/0x2c)
  r7:00000015 r6:be8b6ad0 r5:be8b6aa8 r4:00000000
---[ end trace 55e1b689cf8c8a6a ]---
/etc/rc6.d/S60umountroot: line 17:  1462 Segmentation fault      mount $MOUNT_FORCE_OPT -n -o remount,ro -t dummytype dummydev / 2> /dev/null

The new super.c:nfs_remount function doesn't check the validity of the
options/options4 pointers. Unfortunately, this seems to happen.
The obvious patch seems to be to check the pointers, and not to do anything if
they happen to be NULL.

Tested on an XScale PXA255 system, latest git.

Regards,

	M.

Signed-off-by: Marc Zyngier <marc.zyngier@altran.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-07-27 18:20:41 -04:00
9p 9p: fix O_APPEND in legacy mode 2008-07-03 09:59:03 -05:00
adfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
affs [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
afs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
autofs
autofs4 autofs4: remove unused ioctls 2008-07-24 10:47:33 -07:00
befs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
bfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
cifs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
coda [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
configfs configfs: Allow ->make_item() and ->make_group() to return detailed errors. 2008-07-17 15:21:29 -07:00
cramfs
debugfs debugfs: Implement debugfs_remove_recursive() 2008-07-21 21:54:59 -07:00
devpts devpts: factor out PTY index allocation 2008-04-30 08:29:48 -07:00
dlm locks: add special return value for asynchronous locks 2008-07-25 10:53:47 -07:00
ecryptfs [PATCH] kill nameidata passing to permission(), rename to inode_permission() 2008-07-26 20:53:31 -04:00
efs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
exportfs fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
ext2 [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
ext3 [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
ext4 [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
fat [patch 3/4] fat: dont call notify_change 2008-07-26 20:53:27 -04:00
freevxfs fs/freevxfs/: proper externs 2008-04-29 08:06:00 -07:00
fuse [PATCH] fix MAY_CHDIR/MAY_ACCESS/LOOKUP_ACCESS mess 2008-07-26 20:53:21 -04:00
gfs2 [PATCH] don't pass nameidata to gfs2_lookupi() 2008-07-26 20:53:36 -04:00
hfs [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
hfsplus [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
hostfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
hpfs [patch 05/14] hpfs: dont call permission() 2008-07-26 20:53:13 -04:00
hppfs [patch] hppfs: remove hppfs_permission 2008-07-26 20:53:07 -04:00
hugetlbfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
isofs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
jbd jbd: don't abort if flushing file data failed 2008-07-25 10:53:32 -07:00
jbd2 ext4: Add ordered mode support for delalloc 2008-07-11 19:27:31 -04:00
jffs2 Merge git://git.infradead.org/mtd-2.6 2008-07-26 20:30:56 -07:00
jfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
lockd locks: add special return value for asynchronous locks 2008-07-25 10:53:47 -07:00
minix SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
msdos fatfs: add UTC timestamp option 2008-07-25 10:53:34 -07:00
ncpfs [PATCH] don't pass nameidata to __ncp_lookup_validate() 2008-07-26 20:53:37 -04:00
nfs nfs_remount oops when rebooting + possible fix 2008-07-27 18:20:41 -04:00
nfs_common
nfsd [PATCH] get rid of indirect users of namei.h 2008-07-26 20:53:42 -04:00
nls
ntfs [patch 3/5] vfs: change remove_suid() to file_remove_suid() 2008-07-26 20:53:16 -04:00
ocfs2 [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
omfs omfs: update kbuild to include OMFS 2008-07-26 12:00:05 -07:00
openpromfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
partitions fs/partitions/efi: convert to pr_debug 2008-07-25 10:53:44 -07:00
proc task IO accounting: improve code readability 2008-07-27 09:58:20 -07:00
qnx4 SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
ramfs ramfs: enable splice write 2008-07-04 09:52:14 +02:00
reiserfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
romfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
smbfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
sysfs Use WARN() in fs/sysfs 2008-07-26 12:00:07 -07:00
sysv SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
ubifs [PATCH] get rid of indirect users of namei.h 2008-07-26 20:53:42 -04:00
udf SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
ufs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
vfat fatfs: add UTC timestamp option 2008-07-25 10:53:34 -07:00
xfs [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
aio.c [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
anon_inodes.c flag parameters: NONBLOCK in anon_inode_getfd 2008-07-24 10:47:28 -07:00
attr.c [patch 4/4] vfs: immutable inode checking cleanup 2008-07-26 20:53:28 -04:00
bad_inode.c [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
binfmt_aout.c tracehook: exec 2008-07-26 12:00:08 -07:00
binfmt_elf.c tracehook: exec 2008-07-26 12:00:08 -07:00
binfmt_elf_fdpic.c tracehook: exec 2008-07-26 12:00:08 -07:00
binfmt_em86.c binfmt_misc.c: avoid potential kernel stack overflow 2008-04-29 08:06:04 -07:00
binfmt_flat.c tracehook: exec 2008-07-26 12:00:08 -07:00
binfmt_misc.c binfmt_misc: use simple_read_from_buffer() 2008-07-24 10:47:27 -07:00
binfmt_script.c binfmt_misc.c: avoid potential kernel stack overflow 2008-04-29 08:06:04 -07:00
binfmt_som.c tracehook: exec 2008-07-26 12:00:08 -07:00
bio-integrity.c block: integrity checkpatch cleanups 2008-07-03 13:21:13 +02:00
bio.c dio: use get_user_pages_fast 2008-07-26 12:00:06 -07:00
block_dev.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
buffer.c Use WARN() in fs/ 2008-07-26 12:00:07 -07:00
char_dev.c Remove the lock_kernel() call from chrdev_open() 2008-06-20 14:05:53 -06:00
compat.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
compat_binfmt_elf.c
compat_ioctl.c remove unused #include <linux/dirent.h>'s 2008-07-25 10:53:34 -07:00
dcache.c vfs: add cond_resched_lock while scanning dentry LRU lists 2008-07-26 12:00:02 -07:00
dcookies.c
direct-io.c dio: use get_user_pages_fast 2008-07-26 12:00:06 -07:00
dnotify.c [PATCH] split linux/file.h 2008-05-01 13:08:16 -04:00
dquot.c quota: implement sending information via netlink about user below quota 2008-07-25 10:53:35 -07:00
drop_caches.c vfs: skip inodes without pages to free in drop_pagecache_sb() 2008-04-29 08:06:05 -07:00
eventfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
eventpoll.c flag parameters add-on: remove epoll_create size param 2008-07-24 10:47:29 -07:00
exec.c [PATCH] get rid of __user_path_lookup_open 2008-07-26 20:53:41 -04:00
fcntl.c [PATCH] fix RLIM_NOFILE handling 2008-07-26 20:53:45 -04:00
fifo.c [PATCH] reuse xxx_fifo_fops for xxx_pipe_fops 2008-07-26 20:53:06 -04:00
file.c [PATCH] fix RLIM_NOFILE handling 2008-07-26 20:53:45 -04:00
file_table.c [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
filesystems.c
fs-writeback.c VFS: export sync_sb_inodes 2008-07-14 19:10:52 +03:00
generic_acl.c
inode.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
inotify.c
inotify_user.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
internal.h
ioctl.c make vfs_ioctl() static 2008-04-29 08:06:00 -07:00
ioprio.c
Kconfig omfs: update kbuild to include OMFS 2008-07-26 12:00:05 -07:00
Kconfig.binfmt frv: don't offer BINFMT_FLAT 2008-06-06 11:29:08 -07:00
libfs.c add kernel-doc for simple_read_from_buffer and memory_read_from_buffer 2008-07-04 10:40:07 -07:00
locks.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
Makefile omfs: update kbuild to include OMFS 2008-07-26 12:00:05 -07:00
mbcache.c
mpage.c vfs: add hooks for ext4's delayed allocation support 2008-07-11 19:27:31 -04:00
namei.c [PATCH] get rid of __user_path_lookup_open 2008-07-26 20:53:41 -04:00
namespace.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
nfsctl.c
no-block.c
open.c [PATCH] fix RLIM_NOFILE handling 2008-07-26 20:53:45 -04:00
pipe.c [PATCH] reuse xxx_fifo_fops for xxx_pipe_fops 2008-07-26 20:53:06 -04:00
pnode.c
pnode.h
posix_acl.c
quota.c quota: cleanup loop in sync_dquots() 2008-07-25 10:53:35 -07:00
quota_v1.c quota: move function-macros from quota.h to quotaops.h 2008-07-25 10:53:35 -07:00
quota_v2.c quota: move function-macros from quota.h to quotaops.h 2008-07-25 10:53:35 -07:00
read_write.c Remove BKL from remote_llseek v2 2008-07-02 15:06:27 -06:00
read_write.h
readdir.c
select.c Fix performance regression on lmbench select benchmark 2008-06-22 12:23:15 -07:00
seq_file.c
signalfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
splice.c [patch 3/5] vfs: change remove_suid() to file_remove_suid() 2008-07-26 20:53:16 -04:00
stack.c
stat.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
super.c fix soft lock up at NFS mount via per-SB LRU-list of unused dentries 2008-07-24 10:47:15 -07:00
sync.c SYNC_FILE_RANGE_WRITE may and will block. Document that. 2008-07-24 10:47:17 -07:00
timerfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
utimes.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
xattr.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
xattr_acl.c