Recently we have been seeing a kernel panic in the cifs_reconnect function while accessing tgt_list. Looks like tgt_list is not initialized correctly. There are fixes already present in 5.10 and later trees. Backporting them to 5.4.
CIFS VFS: \172.30.1.14 cifs_reconnect: no target servers for DFS failover
BUG: unable to handle page fault for address: fffffffffffffff8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
Oops: 0000 [#1] SMP PTI
RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
Call Trace:
 cifs_handle_standard+0x18d/0x1b0 [cifs]
 cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
 kthread+0x113/0x130
Paulo Alcantara (2):
  cifs: get rid of unused parameter in reconn_setup_dfs_targets()
  cifs: handle empty list of targets in cifs_reconnect()

 fs/cifs/connect.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
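The fault address in the oops above, fffffffffffffff8, is consistent with a list-entry computation on a list head whose next pointer is NULL. The user-space model below is an added example, not code from the patches or the kernel; the struct layouts (list member at offset 8), the zero-filled head and the error value -2 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space stand-ins. Layouts are assumptions, not taken from the page. */
struct list_head { struct list_head *next, *prev; };
struct tgt_iter {                 /* hypothetical DFS target iterator */
	uint64_t it_name;         /* models an 8-byte pointer at offset 0 */
	struct list_head it_list; /* list linkage at offset 8 */
};
struct tgt_list { struct list_head head; };

/* Kernel-style emptiness test: an initialized empty list points at itself. */
static int list_is_empty(const struct list_head *h) { return h->next == h; }

/* Address a "first entry or NULL" helper would return, kept as an integer
 * so the model never forms or dereferences an invalid pointer. */
uint64_t first_entry_addr(const struct tgt_list *tl)
{
	if (list_is_empty(&tl->head))
		return 0;
	return (uint64_t)(uintptr_t)tl->head.next - offsetof(struct tgt_iter, it_list);
}

/* Zero-filled head (setup failed, list never initialized): next is NULL,
 * which does not count as "empty", so the entry address becomes 0 - 8. */
uint64_t unguarded_after_failed_setup(void)
{
	struct tgt_list tl;
	memset(&tl, 0, sizeof(tl));
	return first_entry_addr(&tl);
}

/* Guard modelled on the fix: after a failed setup the list is never walked. */
uint64_t guarded_after_failed_setup(int setup_rc)
{
	struct tgt_list tl;
	memset(&tl, 0, sizeof(tl));
	return setup_rc ? 0 : first_entry_addr(&tl);
}

int main(void)
{
	printf("unguarded: %#llx\n", (unsigned long long)unguarded_after_failed_setup());
	printf("guarded:   %#llx\n", (unsigned long long)guarded_after_failed_setup(-2));
	return 0;
}
```

A properly initialized empty list returns 0 from first_entry_addr(), which is why only the never-initialized case produces the wild address.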
From: Paulo Alcantara <pc@cjr.nz>
commit baf3f08ef4083b76ca67b143e135213a7f941879 upstream.
The target iterator parameter "it" is not used in reconn_setup_dfs_targets(), so just remove it.
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Rishabh Bhatnagar <risbhat@amazon.com>
---
 fs/cifs/connect.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 6c8dd7c0b83a..b5cd3dc479ce 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -469,8 +469,7 @@ static void reconn_inval_dfs_target(struct TCP_Server_Info *server, }
static inline int reconn_setup_dfs_targets(struct cifs_sb_info *cifs_sb, - struct dfs_cache_tgt_list *tl, - struct dfs_cache_tgt_iterator **it) + struct dfs_cache_tgt_list *tl) { if (!cifs_sb->origin_fullpath) return -EOPNOTSUPP; @@ -515,7 +514,7 @@ cifs_reconnect(struct TCP_Server_Info *server) } else { cifs_sb = CIFS_SB(sb);
- rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list, &tgt_it); + rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list); if (rc && (rc != -EOPNOTSUPP)) { cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n", __func__);
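Review bot: The commit message gives no reason for carrying a pure cleanup into 5.4, yet the following patch is written against the two-argument call `reconn_setup_dfs_targets(cifs_sb, &tgt_list)` that the cifs_reconnect() hunk introduces here. Add a short backport note to the message saying this patch is taken as a prerequisite for "cifs: handle empty list of targets in cifs_reconnect()", so a later stable maintainer does not drop or reorder it.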
From: Paulo Alcantara <pc@cjr.nz>
commit a52930353eaf443489a350a135c5525a4acbbf56 upstream.
In case there were no cached DFS referrals in reconn_setup_dfs_targets(), set cifs_sb to NULL prior to calling reconn_set_next_dfs_target() so it would not try to access an empty tgt_list.
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Rishabh Bhatnagar <risbhat@amazon.com>
---
 fs/cifs/connect.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index b5cd3dc479ce..d8d9d9061544 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -513,11 +513,13 @@ cifs_reconnect(struct TCP_Server_Info *server) sb = NULL; } else { cifs_sb = CIFS_SB(sb); - rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list); - if (rc && (rc != -EOPNOTSUPP)) { - cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n", - __func__); + if (rc) { + cifs_sb = NULL; + if (rc != -EOPNOTSUPP) { + cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n", + __func__); + } } else { server->nr_targets = dfs_cache_get_nr_tgts(&tgt_list); }
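Review bot: In the cifs_reconnect() hunk the new `if (rc)` branch sets `cifs_sb = NULL` for every non-zero return, including -EOPNOTSUPP, while the commit message only covers the case of no cached DFS referrals. The previous patch's context shows -EOPNOTSUPP is returned when `cifs_sb->origin_fullpath` is unset, so that case now also continues with a NULL cifs_sb; say so in the message and confirm the later uses of cifs_sb in this function tolerate it. Separately, as rendered here the line `rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list);` carries a `-` marker; the new `if (rc)` depends on that assignment staying in place, so verify it against the applied tree.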
Rishabh Bhatnagar <risbhat@amazon.com> writes:
> Recently we have been seeing a kernel panic in the cifs_reconnect function while accessing tgt_list. Looks like tgt_list is not initialized correctly. There are fixes already present in 5.10 and later trees. Backporting them to 5.4.
Looks good.
On Thu, Jun 08, 2023 at 05:54:26PM -0300, Paulo Alcantara wrote:
> Rishabh Bhatnagar <risbhat@amazon.com> writes:
> > Recently we have been seeing a kernel panic in the cifs_reconnect function while accessing tgt_list. Looks like tgt_list is not initialized correctly. There are fixes already present in 5.10 and later trees. Backporting them to 5.4.
> Looks good.
Now queued up, thanks.
greg k-h
linux-stable-mirror@lists.linaro.org