ACK: [Disco][SRU][PATCH 0/1] Fix for SUNRPC buffer handling

Connor Kuehl connor.kuehl at canonical.com
Tue Jan 14 01:01:50 UTC 2020


On 1/13/20 12:53 AM, Po-Hsu Lin wrote:
> == SRU Justification ==
> The xdr_shrink_pagelen() added in commit 5f1bc39 (SUNRPC: Fix buffer
> handling of GSS MIC without slack), which was applied to the Disco tree via
> the stable update process, will sometimes raise the following kernel trace
> when the number of bytes to remove from buf->pages is larger than buf->page_len:
> 
> [ 49.420081] ------------[ cut here ]------------
> [ 49.420084] kernel BUG at /build/linux-hwe-FLYqTt/linux-hwe-5.0.0/net/sunrpc/xdr.c:434!
> [ 49.420092] invalid opcode: 0000 [#1] SMP NOPTI
> [ 49.420095] CPU: 16 PID: 469 Comm: kworker/u64:13 Tainted: P OE 5.0.0-37-generic #40~18.04.1-Ubuntu
> [ 49.420096] Hardware name: System manufacturer System Product Name/ROG CROSSHAIR VII HERO (WI-FI), BIOS 3004 12/16/2019
> [ 49.420109] Workqueue: rpciod rpc_async_schedule [sunrpc]
> [ 49.420123] RIP: 0010:xdr_shrink_pagelen+0x9e/0xa0 [sunrpc]
> [ 49.420124] Code: 29 ea e8 85 f4 ff ff 44 8b 63 34 8b 43 3c 45 29 ec 44 29 e8 3b 43 40 44 89 63 34 89 43 3c 73 03 89 43 40 5b 41 5c 41 5d 5d c3 <0f> 0b 0f 1f 44 00 00 4c 8d 54 24 08 48 83 e4 f0 b9 04 00 00 00 41
> [ 49.420126] RSP: 0018:ffffb93787be7b38 EFLAGS: 00010287
> [ 49.420128] RAX: 000000000000000c RBX: 000000000000006c RCX: 000000000000001c
> [ 49.420129] RDX: 000000000000005c RSI: 0000000000000010 RDI: ffff8e1a87c56e50
> [ 49.420130] RBP: ffffb93787be7b50 R08: ffff8e1b06999700 R09: 0000000000000000
> [ 49.420131] R10: 00000000ffffffff R11: ffff8e1b0ecd1cd0 R12: ffff8e1a87c56e50
> [ 49.420132] R13: ffffb93787be7c00 R14: 0000000000000058 R15: ffffffffc228e8c0
> [ 49.420134] FS: 0000000000000000(0000) GS:ffff8e1b1ea00000(0000) knlGS:0000000000000000
> [ 49.420135] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 49.420136] CR2: 00007ffa1faeb000 CR3: 0000000f19abe000 CR4: 0000000000340ee0
> [ 49.420137] Call Trace:
> [ 49.420150] xdr_buf_read_netobj+0x122/0x180 [sunrpc]
> [ 49.420154] ? kzfree+0x2d/0x40
> [ 49.420158] ? crypto_destroy_tfm+0x73/0xb0
> [ 49.420162] gss_unwrap_resp_integ.isra.11+0x9c/0x100 [auth_rpcgss]
> [ 49.420164] ? gss_unwrap_resp_integ.isra.11+0x9c/0x100 [auth_rpcgss]
> [ 49.420167] gss_unwrap_resp+0x13c/0x280 [auth_rpcgss]
> [ 49.420170] ? gss_unwrap_resp+0x13c/0x280 [auth_rpcgss]
> [ 49.420172] ? gss_validate+0x242/0x300 [auth_rpcgss]
> [ 49.420184] ? nfs4_xdr_dec_readdir+0x100/0x100 [nfsv4]
> [ 49.420194] rpcauth_unwrap_resp+0x67/0xe0 [sunrpc]
> [ 49.420204] ? nfs4_xdr_dec_readdir+0x100/0x100 [nfsv4]
> [ 49.420213] call_decode+0x1c4/0x880 [sunrpc]
> [ 49.420216] ? __switch_to_asm+0x35/0x70
> [ 49.420224] ? rpc_check_timeout+0x130/0x130 [sunrpc]
> [ 49.420233] __rpc_execute+0x7a/0x3f0 [sunrpc]
> [ 49.420242] rpc_async_schedule+0x12/0x20 [sunrpc]
> [ 49.420245] process_one_work+0x1fd/0x400
> [ 49.420247] worker_thread+0x34/0x410
> [ 49.420249] kthread+0x121/0x140
> [ 49.420250] ? process_one_work+0x400/0x400
> [ 49.420252] ? kthread_park+0xb0/0xb0
> [ 49.420254] ret_from_fork+0x22/0x40
> 
> == Fixes ==
> * e8d70b32 (SUNRPC: Fix another issue with MIC buffer space)
> Instead of calling BUG_ON, this patch will just cap the number of bytes
> that xdr_shrink_pagelen() will move.
> 
> Only the Disco kernel needs this patch; Bionic and earlier don't
> have 5f1bc39, and this fix has been applied to Eoan and onward.
> 
> == Test ==
> Test kernel can be found here:
> https://people.canonical.com/~phlin/kernel/lp-1858832-sunrpc-bufferhandling/
> 
> And it's been stress-tested by the bug reporter, Michael; this issue
> can no longer be reproduced.
> 
> == Regression Potential ==
> Low. It's just changing the length of bytes to shrink; the change is limited
> to a single driver, with a positive test result.
> 
> Chuck Lever (1):
>    SUNRPC: Fix another issue with MIC buffer space
> 
>   net/sunrpc/xdr.c | 11 +++++------
>   1 file changed, 5 insertions(+), 6 deletions(-)
> 


Acked-by: Connor Kuehl <connor.kuehl at canonical.com>
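
The length cap described under "== Fixes ==" can be seen in a small userspace model. This is an added example, not code from the patch or from net/sunrpc/xdr.c; `struct model_buf`, `model_shrink_pagelen()` and the buffer sizes are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flat model of an xdr_buf: a "pages" region followed by a
 * fixed-size tail. Sizes and field layout are assumptions for this sketch. */
struct model_buf {
    unsigned char pages[64];
    size_t page_len;              /* valid bytes in pages[] */
    unsigned char tail[32];
    size_t tail_len;              /* valid bytes in tail[] */
};

/* Move the last len bytes of pages[] to the front of tail[].
 * Returns how many bytes page_len actually shrank by. */
size_t model_shrink_pagelen(struct model_buf *b, size_t len)
{
    const size_t cap = sizeof(b->tail);
    size_t copy, keep;

    /* The cap described in the cover letter: an oversized request is
     * reduced to what is present, where BUG_ON would have fired. */
    if (len > b->page_len)
        len = b->page_len;
    if (len == 0)
        return 0;

    copy = len < cap ? len : cap;     /* moved bytes that fit in tail[] */
    keep = cap - copy;                /* room left for the old tail data */
    if (keep > b->tail_len)
        keep = b->tail_len;
    memmove(b->tail + copy, b->tail, keep);
    memcpy(b->tail, b->pages + b->page_len - len, copy);
    b->tail_len = copy + keep;
    b->page_len -= len;
    return len;
}

int main(void)
{
    struct model_buf b = { .page_len = 8, .tail_len = 2 };  /* constructed input */
    memcpy(b.pages, "ABCDEFGH", 8);
    memcpy(b.tail, "xy", 2);

    printf("moved %zu\n", model_shrink_pagelen(&b, 3));    /* in range */
    printf("moved %zu\n", model_shrink_pagelen(&b, 100));  /* larger than page_len */
    printf("tail=%.*s page_len=%zu\n", (int)b.tail_len, b.tail, b.page_len);
    return 0;
}
```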


