293ee2225d
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
92 lines
5.0 KiB
Diff
92 lines
5.0 KiB
Diff
From bbc92214b5b104550bb1bad6865ad4bf461ef935 Mon Sep 17 00:00:00 2001
|
|
From: "ashish.sangwan" <ashishsangwan2@gmail.com>
|
|
Date: Tue, 21 Jan 2020 02:55:02 -0800
|
|
Subject: [PATCH] Fix seg fault when NFSv4 compound op fails for regular files.
|
|
|
|
We are hitting this seg-fault on our system:
|
|
3 0x00007f2837583f2d in mdcache_handle_to_key (obj_hdl=0x7f281f01a638, fh_desc=0x7f281def8b70) at /usr/src/debug/nfs-ganesha-2.8.3/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_handle.c:1377
|
|
4 0x00007f28374dea77 in state_obj_value_hash_func (hparam=0x7f2831838000, key=0x7f281defb500) at /usr/src/debug/nfs-ganesha-2.8.3/SAL/nfs4_state_id.c:369
|
|
5 0x00007f28374a2f51 in compute (ht=0x7f2831838000, key=0x7f281defb500, index=0x7f281defac54, rbt_hash=0x7f281defac40) at /usr/src/debug/nfs-ganesha-2.8.3/hashtable/hashtable.c:253
|
|
6 0x00007f28374a39b0 in hashtable_getlatch (ht=0x7f2831838000, key=0x7f281defb500, val=0x7f281defb4e0, may_write=true, latch=0x7f281defb4c0) at /usr/src/debug/nfs-ganesha-2.8.3/hashtable/hashtable.c:490
|
|
7 0x00007f28374df971 in nfs4_State_Del (state=0x7f281f04b480) at /usr/src/debug/nfs-ganesha-2.8.3/SAL/nfs4_state_id.c:759
|
|
8 0x00007f28374d9363 in _state_del_locked (state=0x7f281f04b480, func=0x7f28375d7ee0 <__func__.20139> "state_nfs4_state_wipe", line=669) at /usr/src/debug/nfs-ganesha-2.8.3/SAL/nfs4_state.c:351
|
|
9 0x00007f28374db4ac in state_nfs4_state_wipe (ostate=0x7f281f01a890) at /usr/src/debug/nfs-ganesha-2.8.3/SAL/nfs4_state.c:669
|
|
10 0x00007f28374cf045 in state_wipe_file (obj=0x7f281f01a638) at /usr/src/debug/nfs-ganesha-2.8.3/SAL/state_misc.c:1323
|
|
11 0x00007f28375a247c in _mdcache_lru_unref (entry=0x7f281f01a600, flags=0, func=0x7f28375fb8ef <__func__.23337> "mdcache_put", line=199) at /usr/src/debug/nfs-ganesha-2.8.3/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_lru.c:2017
|
|
12 0x00007f283757f363 in mdcache_put (entry=0x7f281f01a600) at /usr/src/debug/nfs-ganesha-2.8.3/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_lru.h:199
|
|
13 0x00007f28375842e0 in mdcache_put_ref (obj_hdl=0x7f281f01a638) at /usr/src/debug/nfs-ganesha-2.8.3/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_handle.c:1540
|
|
14 0x00007f283752e6cc in set_current_entry (data=0x7f2818c4e300, obj=0x0) at /usr/src/debug/nfs-ganesha-2.8.3/include/nfs_proto_data.h:392
|
|
15 0x00007f2837530838 in compound_data_Free (data=0x7f2818c4e300) at /usr/src/debug/nfs-ganesha-2.8.3/Protocols/NFS/nfs4_Compound.c:1451
|
|
16 0x00007f2837530584 in nfs4_Compound (arg=0x7f2818c23028, req=0x7f2818c22800, res=0x7f2818c4e1c0) at /usr/src/debug/nfs-ganesha-2.8.3/Protocols/NFS/nfs4_Compound.c:1362
|
|
17 0x00007f28374576c2 in nfs_rpc_process_request (reqdata=0x7f2818c22800) at /usr/src/debug/nfs-ganesha-2.8.3/MainNFSD/nfs_worker_thread.c:1986
|
|
|
|
(gdb) f 3
|
|
1377 subcall(
|
|
(gdb) p op_ctx->ctx_export
|
|
$2 = (struct gsh_export *) 0x0
|
|
(gdb) f 11
|
|
2017 state_wipe_file(&entry->obj_handle);
|
|
(gdb) p entry->lru
|
|
$1 = {q = {next = 0x7f2837854aa0 <LRU+3424>, prev = 0x7f2837854aa0 <LRU+3424>}, qid = LRU_ENTRY_CLEANUP, refcnt = 2, flags = 3, lane = 15, cf = 0}
|
|
|
|
The current compound op being executed is setattr which fails with ERR_FSAL_STALE because the file is deleted.
|
|
When we get ERR_FSAL_STALE in setattr we call mdcache_kill_entry which moves the mdcache entry to cleanup lane
|
|
and when we try to delete the state as part of cleanup, we hit this crash.
|
|
All the ops which are calling mdcache_kill_entry on receiving error for regular files could hit this crash.
|
|
We should not reset ctx_export until the compond data is freed.
|
|
|
|
Signed-off-by: ashish.sangwan <ashishsangwan2@gmail.com>
|
|
Change-Id: I3859e6e4599233c67d7640711e05cc5ab8647a3e
|
|
---
|
|
src/Protocols/NFS/nfs4_Compound.c | 20 ++++++++++++++------
|
|
1 file changed, 14 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/Protocols/NFS/nfs4_Compound.c b/src/Protocols/NFS/nfs4_Compound.c
|
|
index 42fd55009..64186642c 100644
|
|
--- a/src/Protocols/NFS/nfs4_Compound.c
|
|
+++ b/src/Protocols/NFS/nfs4_Compound.c
|
|
@@ -1052,12 +1052,6 @@ void complete_nfs4_compound(compound_data_t *data, int status,
|
|
LogDebug(COMPONENT_NFS_V4, "End status = %s lastindex = %d",
|
|
nfsstat4_to_str(status), data->oppos);
|
|
|
|
- /* release current active export in op_ctx. */
|
|
- if (op_ctx->ctx_export) {
|
|
- put_gsh_export(op_ctx->ctx_export);
|
|
- op_ctx->ctx_export = NULL;
|
|
- op_ctx->fsal_export = NULL;
|
|
- }
|
|
}
|
|
|
|
static enum xprt_stat nfs4_compound_resume(struct svc_req *req)
|
|
@@ -1106,6 +1100,13 @@ static enum xprt_stat nfs4_compound_resume(struct svc_req *req)
|
|
complete_nfs4_compound(data, status, result);
|
|
|
|
compound_data_Free(data);
|
|
+ /* release current active export in op_ctx. */
|
|
+ if (op_ctx->ctx_export) {
|
|
+ put_gsh_export(op_ctx->ctx_export);
|
|
+ op_ctx->ctx_export = NULL;
|
|
+ op_ctx->fsal_export = NULL;
|
|
+ }
|
|
+
|
|
|
|
nfs_rpc_complete_async_request(reqdata, NFS_REQ_OK);
|
|
|
|
@@ -1342,6 +1343,13 @@ out:
|
|
|
|
compound_data_Free(data);
|
|
|
|
+ /* release current active export in op_ctx. */
|
|
+ if (op_ctx->ctx_export) {
|
|
+ put_gsh_export(op_ctx->ctx_export);
|
|
+ op_ctx->ctx_export = NULL;
|
|
+ op_ctx->fsal_export = NULL;
|
|
+ }
|
|
+
|
|
return drop ? NFS_REQ_DROP : NFS_REQ_OK;
|
|
} /* nfs4_Compound */
|
|
|
|
--
|
|
2.24.1
|
|
|