aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeil Brown <neilb@suse.de>2007-11-01 01:50:20 -0400
committerTrond Myklebust <Trond.Myklebust@netapp.com>2007-11-17 13:08:48 -0500
commit4c1fe2f78a08e2c514a39c91a0eb7b55bbd3c0d2 (patch)
treec420262ec489f3257afcbb5457168da0ce9cc53c
parenteda4f9b7996e5520934ca2a7310b363463a4e3b0 (diff)
kernel BUG at fs/nfs/namespace.c:108! - can be triggered by bad server
Hi Trond, I have discovered that the BUG_ON in nfs_follow_mountpoint: BUG_ON(IS_ROOT(dentry)); can be triggered by a misbehaving server. What happens is the client does a lookup and discoveres that the named directory has a different fsid, so it initiates a mount. It then performs a GETATTR on the mounted directory and gets a different fsid again (due to a bug in the NFS server). This causes nfs_follow_mountpoint to be called on the newly mounted root, which triggers the BUG_ON. To duplicate this, have a directory which contains some mountpoints, and export that directory with the "crossmnt" flag using nfs-utils 1.1.1 (or 1.1.0 I think) The GETATTR on the root of the mounted filesystem will return the information for the top exportpoint, while a lookup will return the correct information. This difference causes the NFS client to BUG. I think the best way to fix this is to trap this possibility early, so just before completing the mount in the NFS client, check that it isn't going to use nfs_mountpoint_inode_operations. As long as i_op will never change once set (is that true?), this should be adequately safe. The following patch shows a possible approach, and it works for me. i.e. when the NFS server is misbehaving, I get ESTALE on those mountpoints, while when the NFS server is working correctly, I get correct behaviour on the client. NeilBrown Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-rw-r--r--fs/nfs/super.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index fa517ae9207f..71067d1ac9d9 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -1474,6 +1474,11 @@ static int nfs_xdev_get_sb(struct file_system_type *fs_type, int flags,
1474 error = PTR_ERR(mntroot); 1474 error = PTR_ERR(mntroot);
1475 goto error_splat_super; 1475 goto error_splat_super;
1476 } 1476 }
1477 if (mntroot->d_inode->i_op != &nfs_dir_inode_operations) {
1478 dput(mntroot);
1479 error = -ESTALE;
1480 goto error_splat_super;
1481 }
1477 1482
1478 s->s_flags |= MS_ACTIVE; 1483 s->s_flags |= MS_ACTIVE;
1479 mnt->mnt_sb = s; 1484 mnt->mnt_sb = s;