Revision - b3ecba0 - sunrpc: fix sleeping under rcu_read_lock in gss_stringify_acceptor

Revision b3ecba096729f521312d1863ad22530695527aed authored by Jeff Layton on 13 November 2014, 12:30:46 UTC, committed by Trond Myklebust on 13 November 2014, 18:15:49 UTC

sunrpc: fix sleeping under rcu_read_lock in gss_stringify_acceptor

Bruce reported that he was seeing the following BUG pop:

    BUG: sleeping function called from invalid context at mm/slab.c:2846
    in_atomic(): 0, irqs_disabled(): 0, pid: 4539, name: mount.nfs
    2 locks held by mount.nfs/4539:
    #0:  (nfs_clid_init_mutex){+.+.+.}, at: [<ffffffffa01c0a9a>] nfs4_discover_server_trunking+0x4a/0x2f0 [nfsv4]
    #1:  (rcu_read_lock){......}, at: [<ffffffffa00e3185>] gss_stringify_acceptor+0x5/0xb0 [auth_rpcgss]
    Preemption disabled at:[<ffffffff81a4f082>] printk+0x4d/0x4f

    CPU: 3 PID: 4539 Comm: mount.nfs Not tainted 3.18.0-rc1-00013-g5b095e9 #3393
    Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
    ffff880021499390 ffff8800381476a8 ffffffff81a534cf 0000000000000001
    0000000000000000 ffff8800381476c8 ffffffff81097854 00000000000000d0
    0000000000000018 ffff880038147718 ffffffff8118e4f3 0000000020479f00
    Call Trace:
    [<ffffffff81a534cf>] dump_stack+0x4f/0x7c
    [<ffffffff81097854>] __might_sleep+0x114/0x180
    [<ffffffff8118e4f3>] __kmalloc+0x1a3/0x280
    [<ffffffffa00e31d8>] gss_stringify_acceptor+0x58/0xb0 [auth_rpcgss]
    [<ffffffffa00e3185>] ? gss_stringify_acceptor+0x5/0xb0 [auth_rpcgss]
    [<ffffffffa006b438>] rpcauth_stringify_acceptor+0x18/0x30 [sunrpc]
    [<ffffffffa01b0469>] nfs4_proc_setclientid+0x199/0x380 [nfsv4]
    [<ffffffffa01b04d0>] ? nfs4_proc_setclientid+0x200/0x380 [nfsv4]
    [<ffffffffa01bdf1a>] nfs40_discover_server_trunking+0xda/0x150 [nfsv4]
    [<ffffffffa01bde45>] ? nfs40_discover_server_trunking+0x5/0x150 [nfsv4]
    [<ffffffffa01c0acf>] nfs4_discover_server_trunking+0x7f/0x2f0 [nfsv4]
    [<ffffffffa01c8e24>] nfs4_init_client+0x104/0x2f0 [nfsv4]
    [<ffffffffa01539b4>] nfs_get_client+0x314/0x3f0 [nfs]
    [<ffffffffa0153780>] ? nfs_get_client+0xe0/0x3f0 [nfs]
    [<ffffffffa01c83aa>] nfs4_set_client+0x8a/0x110 [nfsv4]
    [<ffffffffa0069708>] ? __rpc_init_priority_wait_queue+0xa8/0xf0 [sunrpc]
    [<ffffffffa01c9b2f>] nfs4_create_server+0x12f/0x390 [nfsv4]
    [<ffffffffa01c1472>] nfs4_remote_mount+0x32/0x60 [nfsv4]
    [<ffffffff81196489>] mount_fs+0x39/0x1b0
    [<ffffffff81166145>] ? __alloc_percpu+0x15/0x20
    [<ffffffff811b276b>] vfs_kern_mount+0x6b/0x150
    [<ffffffffa01c1396>] nfs_do_root_mount+0x86/0xc0 [nfsv4]
    [<ffffffffa01c1784>] nfs4_try_mount+0x44/0xc0 [nfsv4]
    [<ffffffffa01549b7>] ? get_nfs_version+0x27/0x90 [nfs]
    [<ffffffffa0161a2d>] nfs_fs_mount+0x47d/0xd60 [nfs]
    [<ffffffff81a59c5e>] ? mutex_unlock+0xe/0x10
    [<ffffffffa01606a0>] ? nfs_remount+0x430/0x430 [nfs]
    [<ffffffffa01609c0>] ? nfs_clone_super+0x140/0x140 [nfs]
    [<ffffffff81196489>] mount_fs+0x39/0x1b0
    [<ffffffff81166145>] ? __alloc_percpu+0x15/0x20
    [<ffffffff811b276b>] vfs_kern_mount+0x6b/0x150
    [<ffffffff811b5830>] do_mount+0x210/0xbe0
    [<ffffffff811b54ca>] ? copy_mount_options+0x3a/0x160
    [<ffffffff811b651f>] SyS_mount+0x6f/0xb0
    [<ffffffff81a5c852>] system_call_fastpath+0x12/0x17

Sleeping under the rcu_read_lock is bad. This patch fixes it by dropping
the rcu_read_lock before doing the allocation and then reacquiring it
and redoing the dereference before doing the copy. If we find that the
string has somehow grown in the meantime, we'll reallocate and try again.

Cc: <stable@vger.kernel.org> # v3.17+
Reported-by: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>

1 parent f8ebf7a

Files
Changes

Permalinks

File	Mode	Size
fonts
lz4
lzo
mpi
raid6
reed_solomon
xz
zlib_deflate
zlib_inflate
.gitignore	-rw-r--r--	70 bytes
Kconfig	-rw-r--r--	11.7 KB
Kconfig.debug	-rw-r--r--	57.9 KB
Kconfig.kgdb	-rw-r--r--	3.1 KB
Kconfig.kmemcheck	-rw-r--r--	2.9 KB
Makefile	-rw-r--r--	6.0 KB
argv_split.c	-rw-r--r--	2.1 KB
asn1_decoder.c	-rw-r--r--	12.4 KB
assoc_array.c	-rw-r--r--	52.6 KB
atomic64.c	-rw-r--r--	4.1 KB
atomic64_test.c	-rw-r--r--	3.4 KB
audit.c	-rw-r--r--	1.7 KB
average.c	-rw-r--r--	1.9 KB
bcd.c	-rw-r--r--	261 bytes
bch.c	-rw-r--r--	35.6 KB
bitmap.c	-rw-r--r--	35.2 KB
bitrev.c	-rw-r--r--	2.1 KB
bsearch.c	-rw-r--r--	1.6 KB
btree.c	-rw-r--r--	19.3 KB
bug.c	-rw-r--r--	4.7 KB
build_OID_registry	-rwxr-xr-x	4.7 KB
bust_spinlocks.c	-rw-r--r--	660 bytes
check_signature.c	-rw-r--r--	599 bytes
checksum.c	-rw-r--r--	4.9 KB
clz_ctz.c	-rw-r--r--	1.3 KB
clz_tab.c	-rw-r--r--	855 bytes
cmdline.c	-rw-r--r--	4.1 KB
compat_audit.c	-rw-r--r--	796 bytes
cordic.c	-rw-r--r--	2.5 KB
cpu-notifier-error-inject.c	-rw-r--r--	1.2 KB
cpu_rmap.c	-rw-r--r--	7.8 KB
cpumask.c	-rw-r--r--	5.8 KB
crc-ccitt.c	-rw-r--r--	3.0 KB
crc-itu-t.c	-rw-r--r--	2.8 KB
crc-t10dif.c	-rw-r--r--	1.5 KB
crc16.c	-rw-r--r--	2.8 KB
crc32.c	-rw-r--r--	45.4 KB
crc32defs.h	-rw-r--r--	2.0 KB
crc7.c	-rw-r--r--	2.6 KB
crc8.c	-rw-r--r--	2.4 KB
ctype.c	-rw-r--r--	1.4 KB
debug_locks.c	-rw-r--r--	1.2 KB
debugobjects.c	-rw-r--r--	26.1 KB
dec_and_lock.c	-rw-r--r--	784 bytes
decompress.c	-rw-r--r--	1.6 KB
decompress_bunzip2.c	-rw-r--r--	23.4 KB
decompress_inflate.c	-rw-r--r--	3.8 KB
decompress_unlz4.c	-rw-r--r--	4.1 KB
decompress_unlzma.c	-rw-r--r--	15.8 KB
decompress_unlzo.c	-rw-r--r--	6.8 KB
decompress_unxz.c	-rw-r--r--	10.6 KB
devres.c	-rw-r--r--	9.4 KB
digsig.c	-rw-r--r--	5.5 KB
div64.c	-rw-r--r--	4.0 KB
dma-debug.c	-rw-r--r--	41.4 KB
dump_stack.c	-rw-r--r--	1.1 KB
dynamic_debug.c	-rw-r--r--	25.1 KB
dynamic_queue_limits.c	-rw-r--r--	4.3 KB
earlycpio.c	-rw-r--r--	3.9 KB
extable.c	-rw-r--r--	2.4 KB
fault-inject.c	-rw-r--r--	5.5 KB
fdt.c	-rw-r--r--	69 bytes
fdt_empty_tree.c	-rw-r--r--	80 bytes
fdt_ro.c	-rw-r--r--	72 bytes
fdt_rw.c	-rw-r--r--	72 bytes
fdt_strerror.c	-rw-r--r--	78 bytes
fdt_sw.c	-rw-r--r--	72 bytes
fdt_wip.c	-rw-r--r--	73 bytes
find_last_bit.c	-rw-r--r--	1.1 KB
find_next_bit.c	-rw-r--r--	6.4 KB
flex_array.c	-rw-r--r--	11.0 KB
flex_proportions.c	-rw-r--r--	6.9 KB
gcd.c	-rw-r--r--	313 bytes
gen_crc32table.c	-rw-r--r--	3.2 KB
genalloc.c	-rw-r--r--	17.7 KB
glob.c	-rw-r--r--	7.7 KB
halfmd4.c	-rw-r--r--	2.0 KB
hash.c	-rw-r--r--	1.0 KB
hexdump.c	-rw-r--r--	7.5 KB
hweight.c	-rw-r--r--	1.9 KB
idr.c	-rw-r--r--	28.0 KB
inflate.c	-rw-r--r--	38.6 KB
int_sqrt.c	-rw-r--r--	652 bytes
interval_tree.c	-rw-r--r--	495 bytes
interval_tree_test.c	-rw-r--r--	2.3 KB
iomap.c	-rw-r--r--	6.5 KB
iomap_copy.c	-rw-r--r--	2.1 KB
iommu-helper.c	-rw-r--r--	1.0 KB
ioremap.c	-rw-r--r--	2.1 KB
iovec.c	-rw-r--r--	2.2 KB
irq_regs.c	-rw-r--r--	604 bytes
is_single_threaded.c	-rw-r--r--	1.3 KB
jedec_ddr_data.c	-rw-r--r--	3.0 KB
kasprintf.c	-rw-r--r--	717 bytes
kfifo.c	-rw-r--r--	12.7 KB
klist.c	-rw-r--r--	9.3 KB
kobject.c	-rw-r--r--	25.5 KB
kobject_uevent.c	-rw-r--r--	11.4 KB
kstrtox.c	-rw-r--r--	9.4 KB
kstrtox.h	-rw-r--r--	254 bytes
lcm.c	-rw-r--r--	288 bytes
libcrc32c.c	-rw-r--r--	2.0 KB
list_debug.c	-rw-r--r--	2.6 KB
list_sort.c	-rw-r--r--	6.7 KB
llist.c	-rw-r--r--	3.1 KB
locking-selftest-hardirq.h	-rw-r--r--	207 bytes
locking-selftest-mutex.h	-rw-r--r--	120 bytes
locking-selftest-rlock-hardirq.h	-rw-r--r--	74 bytes
locking-selftest-rlock-softirq.h	-rw-r--r--	74 bytes
locking-selftest-rlock.h	-rw-r--r--	158 bytes
locking-selftest-rsem.h	-rw-r--r--	163 bytes
locking-selftest-softirq.h	-rw-r--r--	207 bytes
locking-selftest-spin-hardirq.h	-rw-r--r--	73 bytes
locking-selftest-spin-softirq.h	-rw-r--r--	73 bytes
locking-selftest-spin.h	-rw-r--r--	118 bytes
locking-selftest-wlock-hardirq.h	-rw-r--r--	74 bytes
locking-selftest-wlock-softirq.h	-rw-r--r--	74 bytes
locking-selftest-wlock.h	-rw-r--r--	158 bytes
locking-selftest-wsem.h	-rw-r--r--	163 bytes
locking-selftest.c	-rw-r--r--	40.1 KB
lockref.c	-rw-r--r--	3.6 KB
lru_cache.c	-rw-r--r--	19.4 KB
md5.c	-rw-r--r--	3.7 KB
memory-notifier-error-inject.c	-rw-r--r--	1.1 KB
memweight.c	-rw-r--r--	999 bytes
net_utils.c	-rw-r--r--	604 bytes
nlattr.c	-rw-r--r--	12.5 KB
notifier-error-inject.c	-rw-r--r--	2.7 KB
notifier-error-inject.h	-rw-r--r--	614 bytes
of-reconfig-notifier-error-inject.c	-rw-r--r--	1.3 KB
oid_registry.c	-rw-r--r--	3.8 KB
parser.c	-rw-r--r--	7.1 KB
pci_iomap.c	-rw-r--r--	1.4 KB
percpu-refcount.c	-rw-r--r--	11.7 KB
percpu_counter.c	-rw-r--r--	5.5 KB
percpu_ida.c	-rw-r--r--	9.6 KB
percpu_test.c	-rw-r--r--	3.2 KB
plist.c	-rw-r--r--	5.9 KB
pm-notifier-error-inject.c	-rw-r--r--	1.1 KB
proportions.c	-rw-r--r--	9.4 KB
radix-tree.c	-rw-r--r--	39.3 KB
random32.c	-rw-r--r--	12.6 KB
ratelimit.c	-rw-r--r--	1.5 KB
rational.c	-rw-r--r--	1.5 KB
rbtree.c	-rw-r--r--	15.0 KB
rbtree_test.c	-rw-r--r--	5.5 KB
reciprocal_div.c	-rw-r--r--	492 bytes
rhashtable.c	-rw-r--r--	20.3 KB
scatterlist.c	-rw-r--r--	18.2 KB
sha1.c	-rw-r--r--	6.1 KB
show_mem.c	-rw-r--r--	1.2 KB
smp_processor_id.c	-rw-r--r--	1.3 KB
sort.c	-rw-r--r--	2.5 KB
stmp_device.c	-rw-r--r--	2.1 KB
string.c	-rw-r--r--	17.0 KB
string_helpers.c	-rw-r--r--	10.0 KB
strncpy_from_user.c	-rw-r--r--	2.9 KB
strnlen_user.c	-rw-r--r--	3.6 KB
swiotlb.c	-rw-r--r--	27.1 KB
syscall.c	-rw-r--r--	2.4 KB
test-kstrtox.c	-rw-r--r--	17.4 KB
test-string_helpers.c	-rw-r--r--	8.0 KB
test_bpf.c	-rw-r--r--	55.4 KB
test_firmware.c	-rw-r--r--	2.8 KB
test_module.c	-rw-r--r--	753 bytes
test_user_copy.c	-rw-r--r--	3.1 KB
textsearch.c	-rw-r--r--	9.4 KB
timerqueue.c	-rw-r--r--	3.1 KB
ts_bm.c	-rw-r--r--	5.3 KB
ts_fsm.c	-rw-r--r--	10.6 KB
ts_kmp.c	-rw-r--r--	4.3 KB
ucs2_string.c	-rw-r--r--	1.2 KB
usercopy.c	-rw-r--r--	197 bytes
uuid.c	-rw-r--r--	1.3 KB
vsprintf.c	-rw-r--r--	60.0 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...