original_kernel/fs
Junxiao Bi e5a15e17a7 ocfs2: fix panic on nfs server over ocfs2
The following kernel panic was captured when running nfs server over
ocfs2, at that time ocfs2_test_inode_bit() was checking whether one
inode locating at "blkno" 5 was valid, that is ocfs2 root inode, its
"suballoc_slot" was OCFS2_INVALID_SLOT(65535) and it was allocted from
//global_inode_alloc, but here it wrongly assumed that it was got from per
slot inode alloctor which would cause array overflow and trigger kernel
panic.

  BUG: unable to handle kernel paging request at 0000000000001088
  IP: [<ffffffff816f6898>] _raw_spin_lock+0x18/0xf0
  PGD 1e06ba067 PUD 1e9e7d067 PMD 0
  Oops: 0002 [#1] SMP
  CPU: 6 PID: 24873 Comm: nfsd Not tainted 4.1.12-124.36.1.el6uek.x86_64 #2
  Hardware name: Huawei CH121 V3/IT11SGCA1, BIOS 3.87 02/02/2018
  RIP: _raw_spin_lock+0x18/0xf0
  RSP: e02b:ffff88005ae97908  EFLAGS: 00010206
  RAX: ffff88005ae98000 RBX: 0000000000001088 RCX: 0000000000000000
  RDX: 0000000000020000 RSI: 0000000000000009 RDI: 0000000000001088
  RBP: ffff88005ae97928 R08: 0000000000000000 R09: ffff880212878e00
  R10: 0000000000007ff0 R11: 0000000000000000 R12: 0000000000001088
  R13: ffff8800063c0aa8 R14: ffff8800650c27d0 R15: 000000000000ffff
  FS:  0000000000000000(0000) GS:ffff880218180000(0000) knlGS:ffff880218180000
  CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000001088 CR3: 00000002033d0000 CR4: 0000000000042660
  Call Trace:
    igrab+0x1e/0x60
    ocfs2_get_system_file_inode+0x63/0x3a0 [ocfs2]
    ocfs2_test_inode_bit+0x328/0xa00 [ocfs2]
    ocfs2_get_parent+0xba/0x3e0 [ocfs2]
    reconnect_path+0xb5/0x300
    exportfs_decode_fh+0xf6/0x2b0
    fh_verify+0x350/0x660 [nfsd]
    nfsd4_putfh+0x4d/0x60 [nfsd]
    nfsd4_proc_compound+0x3d3/0x6f0 [nfsd]
    nfsd_dispatch+0xe0/0x290 [nfsd]
    svc_process_common+0x412/0x6a0 [sunrpc]
    svc_process+0x123/0x210 [sunrpc]
    nfsd+0xff/0x170 [nfsd]
    kthread+0xcb/0xf0
    ret_from_fork+0x61/0x90
  Code: 83 c2 02 0f b7 f2 e8 18 dc 91 ff 66 90 eb bf 0f 1f 40 00 55 48 89 e5 41 56 41 55 41 54 53 0f 1f 44 00 00 48 89 fb ba 00 00 02 00 <f0> 0f c1 17 89 d0 45 31 e4 45 31 ed c1 e8 10 66 39 d0 41 89 c6
  RIP   _raw_spin_lock+0x18/0xf0
  CR2: 0000000000001088
  ---[ end trace 7264463cd1aac8f9 ]---
  Kernel panic - not syncing: Fatal exception

Link: http://lkml.kernel.org/r/20200616183829.87211-4-junxiao.bi@oracle.com
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Jun Piao <piaojun@huawei.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-06-26 00:27:37 -07:00
..
9p
adfs
affs
afs afs: Fix hang on rmmod due to outstanding timer 2020-06-20 12:01:58 -07:00
autofs
befs
bfs
btrfs for-5.8-rc2-tag 2020-06-23 09:20:11 -07:00
cachefiles
ceph
cifs smb3: Add debug message for new file creation with idsfromsid mount option 2020-06-12 16:31:06 -05:00
coda
configfs
cramfs
crypto
debugfs
devpts
dlm
ecryptfs
efivarfs
efs
erofs erofs: fix partially uninitialized misuse in z_erofs_onlinepage_fixup 2020-06-24 09:47:44 +08:00
exfat
exportfs
ext2
ext4 This is the second round of ext4 commits for 5.8 merge window. It 2020-06-15 09:32:10 -07:00
f2fs
fat
freevxfs
fscache
fuse
gfs2
hfs
hfsplus
hostfs
hpfs
hugetlbfs
iomap New code for 5.8: 2020-06-13 12:44:30 -07:00
isofs
jbd2 This is the second round of ext4 commits for 5.8 merge window. It 2020-06-15 09:32:10 -07:00
jffs2 jffs2: Replace zero-length array with flexible-array 2020-06-15 23:08:31 -05:00
jfs
kernfs
lockd
minix
nfs NFS Client Updates for Linux 5.8 2020-06-11 12:22:41 -07:00
nfs_common
nfsd Highlights: 2020-06-11 10:33:13 -07:00
nilfs2
nls treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
notify treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ntfs
ocfs2 ocfs2: fix panic on nfs server over ocfs2 2020-06-26 00:27:37 -07:00
omfs
openpromfs
orangefs
overlayfs
proc A few fixes and small cleanups for tracing: 2020-06-20 13:17:47 -07:00
pstore
qnx4
qnx6
quota
ramfs
reiserfs
romfs treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
squashfs Squashfs: Replace zero-length array with flexible-array 2020-06-15 23:08:32 -05:00
sysfs
sysv
tracefs
ubifs
udf
ufs
unicode
vboxsf
verity
xfs Fixes for 5.8: 2020-06-13 12:40:24 -07:00
zonefs
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Kconfig.binfmt treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile
aio.c aio: Replace zero-length array with flexible-array 2020-06-15 23:08:25 -05:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
block_dev.c block: make function 'kill_bdev' static 2020-06-18 09:24:35 -06:00
buffer.c
char_dev.c
compat.c
compat_binfmt_elf.c
coredump.c
d_path.c
dax.c
dcache.c
dcookies.c
direct-io.c for-5.8-part2-tag 2020-06-14 09:47:25 -07:00
drop_caches.c
eventfd.c
eventpoll.c
exec.c
fcntl.c
fhandle.c
file.c
file_table.c
filesystems.c
fs-writeback.c
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
inode.c
internal.h
io-wq.c io_uring: cancel all task's requests on exit 2020-06-15 08:51:34 -06:00
io-wq.h io_uring: cancel by ->task not pid 2020-06-15 08:51:38 -06:00
io_uring.c io_uring: fix possible race condition against REQ_F_NEED_CLEANUP 2020-06-18 08:32:44 -06:00
ioctl.c
libfs.c
locks.c Highlights: 2020-06-11 10:33:13 -07:00
mbcache.c
mount.h
mpage.c
namei.c
namespace.c
no-block.c
nsfs.c
open.c
pipe.c Notifications over pipes + Keyring notifications 2020-06-13 09:56:21 -07:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c
readdir.c
select.c
seq_file.c
signalfd.c
splice.c Notifications over pipes + Keyring notifications 2020-06-13 09:56:21 -07:00
stack.c
stat.c
statfs.c
super.c
sync.c
timerfd.c
userfaultfd.c
utimes.c
xattr.c