Recently we have been seeing kernel panic in cifs_reconnect function while accessing tgt_list. Looks like tgt_list is not initialized correctly. There are fixes already present in 5.10 and later trees. Backporting them to 5.4.

CIFS VFS: \172.30.1.14 cifs_reconnect: no target servers for DFS failover
BUG: unable to handle page fault for address: fffffffffffffff8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
Oops: 0000 [#1] SMP PTI
RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
Call Trace:
 cifs_handle_standard+0x18d/0x1b0 [cifs]
 cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
 kthread+0x113/0x130
*** BLURB HERE ***
Paulo Alcantara (2):
  cifs: get rid of unused parameter in reconn_setup_dfs_targets()
  cifs: handle empty list of targets in cifs_reconnect()

 fs/cifs/connect.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
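An added example, not part of the original message or of the kernel source: a user-space C model of how a list head that was zero-filled rather than initialised produces an address like the fffffffffffffff8 in the oops above, and of a guard in the spirit of the second patch in the series. The struct layout (list linkage at offset 8), the zero-filled head and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

/* Hypothetical stand-in for a target iterator (layout is an assumption):
 * name pointer first, list linkage second, i.e. at offset 8 on LP64. */
struct tgt_iter { char *name; struct list_head link; };

static void init_list_head(struct list_head *h) { h->next = h->prev = h; }

/* Same test as the kernel's list_empty(): an empty list points at itself,
 * so a zero-filled head (next == NULL) does NOT count as empty. */
static int list_is_empty(const struct list_head *h) { return h->next == h; }

/* Integer model of a list_first_entry_or_null()-style lookup: returns the
 * address the caller would dereference, or 0 when the list reports empty.
 * Nothing is dereferenced here, so the model itself cannot fault. */
static uintptr_t first_entry_or_null(const struct list_head *h)
{
	if (list_is_empty(h))
		return 0;
	return (uintptr_t)h->next - offsetof(struct tgt_iter, link);
}

/* Guard in the spirit of the second patch: if target setup failed, the
 * list is not walked at all. */
static uintptr_t next_target(int setup_rc, const struct list_head *h)
{
	return setup_rc ? 0 : first_entry_or_null(h);
}

int main(void)
{
	struct list_head zeroed = {0};	/* constructed: never initialised */
	struct list_head empty;

	init_list_head(&empty);
	printf("initialised empty list -> %#lx\n",
	       (unsigned long)first_entry_or_null(&empty));
	printf("zero-filled list head  -> %#lx\n",
	       (unsigned long)first_entry_or_null(&zeroed));
	printf("guarded, setup failed  -> %#lx\n",
	       (unsigned long)next_target(-EOPNOTSUPP, &zeroed));
	return 0;
}
```

On a 64-bit build the zero-filled case yields NULL minus the member offset, which is the kind of near-top-of-address-space value worth recognising when triaging an oops.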
From: Paulo Alcantara <pc@cjr.nz>
commit baf3f08ef4083b76ca67b143e135213a7f941879 upstream.
The target iterator parameter "it" is not used in reconn_setup_dfs_targets(), so just remove it.
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Rishabh Bhatnagar <risbhat@amazon.com>
---
 fs/cifs/connect.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 6c8dd7c0b83a..b5cd3dc479ce 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -469,8 +469,7 @@ static void reconn_inval_dfs_target(struct TCP_Server_Info *server, }
static inline int reconn_setup_dfs_targets(struct cifs_sb_info *cifs_sb, - struct dfs_cache_tgt_list *tl, - struct dfs_cache_tgt_iterator **it) + struct dfs_cache_tgt_list *tl) { if (!cifs_sb->origin_fullpath) return -EOPNOTSUPP; @@ -515,7 +514,7 @@ cifs_reconnect(struct TCP_Server_Info *server) } else { cifs_sb = CIFS_SB(sb);
- rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list, &tgt_it); + rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list); if (rc && (rc != -EOPNOTSUPP)) { cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n", __func__);
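Review bot: The @@ -515 hunk does not show where tgt_it gets its initial value once `&tgt_it` stops being passed at this call; for the 5.4 backport, please confirm that its declaration in cifs_reconnect() sets it (for example to NULL) before any later use, since the declaration is outside the hunk context. The signature change in the @@ -469 hunk needs nothing further: the helper is static inline and this is the only caller visible in the patch, so a missed call site would fail to build.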
From: Paulo Alcantara <pc@cjr.nz>
commit a52930353eaf443489a350a135c5525a4acbbf56 upstream.
In case there were no cached DFS referrals in reconn_setup_dfs_targets(), set cifs_sb to NULL prior to calling reconn_set_next_dfs_target() so it would not try to access an empty tgt_list.
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Rishabh Bhatnagar <risbhat@amazon.com>
---
 fs/cifs/connect.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index b5cd3dc479ce..d8d9d9061544 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -513,11 +513,13 @@ cifs_reconnect(struct TCP_Server_Info *server) sb = NULL; } else { cifs_sb = CIFS_SB(sb); - rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list); - if (rc && (rc != -EOPNOTSUPP)) { - cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n", - __func__); + if (rc) { + cifs_sb = NULL; + if (rc != -EOPNOTSUPP) { + cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n", + __func__); + } } else { server->nr_targets = dfs_cache_get_nr_tgts(&tgt_list); }
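Review bot: The commit message covers only the case of no cached DFS referrals, but the new `if (rc)` test in the @@ -513 hunk also catches -EOPNOTSUPP, which the old condition `rc && (rc != -EOPNOTSUPP)` sent to the else branch and on to dfs_cache_get_nr_tgts(&tgt_list); the context in the previous patch shows that return happening as the first statement of reconn_setup_dfs_targets(), before tl is touched. A line noting this second path in the backport notes would help whoever reviews the 5.4 series. Separately, as the hunk reads here the line `rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list);` carries a `-` with no `+` counterpart; please confirm that the assignment survives as context and only a blank line is dropped, otherwise `if (rc)` tests a value this block never set.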
On Wed, Jun 07, 2023 at 06:53:11PM +0000, Rishabh Bhatnagar wrote:
> Recently we have been seeing kernel panic in cifs_reconnect function while accessing tgt_list. Looks like tgt_list is not initialized correctly. There are fixes already present in 5.10 and later trees. Backporting them to 5.4
>
> CIFS VFS: \172.30.1.14 cifs_reconnect: no target servers for DFS failover
> BUG: unable to handle page fault for address: fffffffffffffff8
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
> Oops: 0000 [#1] SMP PTI
> RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
> RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
> RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
> Call Trace:
>  cifs_handle_standard+0x18d/0x1b0 [cifs]
>  cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
>  kthread+0x113/0x130
>
> *** BLURB HERE ***
No blurb?
And this says 5.4, yet your patches say 5.10?
Totally confused...
greg k-h
On 6/7/23 12:07 PM, Greg KH wrote:
> On Wed, Jun 07, 2023 at 06:53:11PM +0000, Rishabh Bhatnagar wrote:
> > Recently we have been seeing kernel panic in cifs_reconnect function while accessing tgt_list. Looks like tgt_list is not initialized correctly. There are fixes already present in 5.10 and later trees. Backporting them to 5.4
> >
> > CIFS VFS: \172.30.1.14 cifs_reconnect: no target servers for DFS failover
> > BUG: unable to handle page fault for address: fffffffffffffff8
> > #PF: supervisor read access in kernel mode
> > #PF: error_code(0x0000) - not-present page
> > PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
> > Oops: 0000 [#1] SMP PTI
> > RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
> > RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
> > RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
> > Call Trace:
> >  cifs_handle_standard+0x18d/0x1b0 [cifs]
> >  cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
> >  kthread+0x113/0x130
> >
> > *** BLURB HERE ***
>
> No blurb?
>
> And this says 5.4, yet your patches say 5.10?
>
> Totally confused...
>
> greg k-h
These patches are applicable for 5.4. Will send another version with that fixed. Apologies for the mess.
On Wed, Jun 07, 2023 at 01:20:23PM -0700, Bhatnagar, Rishabh wrote:
> On 6/7/23 12:07 PM, Greg KH wrote:
> > On Wed, Jun 07, 2023 at 06:53:11PM +0000, Rishabh Bhatnagar wrote:
> > > Recently we have been seeing kernel panic in cifs_reconnect function while accessing tgt_list. Looks like tgt_list is not initialized correctly. There are fixes already present in 5.10 and later trees. Backporting them to 5.4
> > >
> > > CIFS VFS: \172.30.1.14 cifs_reconnect: no target servers for DFS failover
> > > BUG: unable to handle page fault for address: fffffffffffffff8
> > > #PF: supervisor read access in kernel mode
> > > #PF: error_code(0x0000) - not-present page
> > > PGD 260e067 P4D 260e067 PUD 2610067 PMD 0
> > > Oops: 0000 [#1] SMP PTI
> > > RIP: 0010:cifs_reconnect+0x51d/0xef0 [cifs]
> > > RSP: 0018:ffffc90000693da0 EFLAGS: 00010282
> > > RAX: fffffffffffffff8 RBX: ffff8887fa63b800 RCX: fffffffffffffff8
> > > Call Trace:
> > >  cifs_handle_standard+0x18d/0x1b0 [cifs]
> > >  cifs_demultiplex_thread+0xa5c/0xc90 [cifs]
> > >  kthread+0x113/0x130
> > >
> > > *** BLURB HERE ***
> >
> > No blurb?
> >
> > And this says 5.4, yet your patches say 5.10?
> >
> > Totally confused...
> >
> > greg k-h
>
> These patches are applicable for 5.4. Will send another version with that fixed. Apologies for the mess.
Please resend both series, as this one I already dropped from my queue.
thanks,
greg k-h
linux-stable-mirror@lists.linaro.org