Bug #3404

Updated by Sage Weil over 11 years ago


 Restarting an NFS server that exports Ceph triggers a NULL pointer dereference in the Ceph kernel client (backtrace below).

 Program received signal SIGSEGV, Segmentation fault. 
 0x000000006057cbc1 in strlen (s=0x0) at /home/dzafman/linux/lib/string.c:388 
 388               for (sc = s; *sc != '\0'; ++sc) 
 (gdb) bt 
 #0    0x000000006057cbc1 in strlen (s=0x0) at /home/dzafman/linux/lib/string.c:388 
 #1    0x0000000060539e04 in set_request_path_attr (rinode=0x0, rdentry=0x0, rpath=<optimized out>, rino=<optimized out>, 
     ppath=0x6de759b8, pathlen=0x6de759e0, ino=0x6de759c8, freepath=0x6de759e8) at /home/dzafman/linux/fs/ceph/mds_client.c:1593 
 #2    0x000000006053a063 in create_request_message (mds=0, req=0x6e11dbf0, mdsc=0x6c156bf0) 
     at /home/dzafman/linux/fs/ceph/mds_client.c:1619 
 #3    __prepare_send_request (mdsc=0x6c156bf0, req=0x6e11dbf0, mds=0) at /home/dzafman/linux/fs/ceph/mds_client.c:1775 
 #4    0x000000006053af33 in __do_request (mdsc=0x6c156bf0, req=0x6e11dbf0) at /home/dzafman/linux/fs/ceph/mds_client.c:1856 
 #5    0x000000006053c1d6 in ceph_mdsc_do_request (mdsc=0x6c156bf0, dir=0x0, req=0x6e11dbf0) 
     at /home/dzafman/linux/fs/ceph/mds_client.c:1943 
 #6    0x0000000060528b54 in __cfh_to_dentry (cfh=<optimized out>, sb=<optimized out>) at /home/dzafman/linux/fs/ceph/export.c:183 
 #7    ceph_fh_to_dentry (sb=<optimized out>, fid=0x6d70d04c, fh_len=<optimized out>, fh_type=<optimized out>) 
     at /home/dzafman/linux/fs/ceph/export.c:214 
 #8    0x00000000602253ce in exportfs_decode_fh (mnt=0x6e29af18, fid=0x6d70d04c, fh_len=5, fileid_type=2, 
     acceptable=0x602285a6 <nfsd_acceptable>, context=0x6cbd2ef0) at /home/dzafman/linux/fs/exportfs/expfs.c:384 
 #9    0x0000000060228a2e in nfsd_set_fh_dentry (fhp=0x6d70d040, rqstp=0x6c120000) at /home/dzafman/linux/fs/nfsd/nfsfh.c:242 
 #10 fh_verify (rqstp=0x6c120000, fhp=0x6d70d040, type=0, access=1024) at /home/dzafman/linux/fs/nfsd/nfsfh.c:305 
 #11 0x0000000060234ca1 in nfsd4_putfh (rqstp=0x6c120000, cstate=0x6d70d040, putfh=0x6d5b10a0) 
     at /home/dzafman/linux/fs/nfsd/nfs4proc.c:434 
 #12 0x00000000602347c5 in nfsd4_proc_compound (rqstp=0x6c120000, args=0x6d5b1000, resp=0x6d70d000) 
     at /home/dzafman/linux/fs/nfsd/nfs4proc.c:1246 
 #13 0x0000000060226225 in nfsd_dispatch (rqstp=0x6c120000, statp=0x6f446018) at /home/dzafman/linux/fs/nfsd/nfssvc.c:626 
 #14 0x0000000060657602 in svc_process_common (resv=0x6c1201d8, argv=0x6c120198, rqstp=0x6c120000) 
     at /home/dzafman/linux/net/sunrpc/svc.c:1200 
 #15 svc_process (rqstp=0x6c120000) at /home/dzafman/linux/net/sunrpc/svc.c:1325 
 #16 0x0000000060225828 in nfsd (vrqstp=0x6c120000) at /home/dzafman/linux/fs/nfsd/nfssvc.c:548 
 #17 0x000000006005da16 in kthread (_create=0x6e1fbb78) at /home/dzafman/linux/kernel/kthread.c:121 
 #18 0x0000000060035bf3 in run_kernel_thread (fn=0x6005d94b <kthread>, arg=0x6e1fbb78, jmp_ptr=<optimized out>) 
     at /home/dzafman/linux/arch/um/os-Linux/process.c:257 
 #19 0x0000000060022b5a in new_thread_handler () at /home/dzafman/linux/arch/um/kernel/process.c:153 

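 This code in set_request_path_attr() is wrong when rino != 0 but rpath == NULL. The branch condition is `rpath || rino`, so it is taken when only rino is set, and strlen(rpath) is then called on a NULL pointer (frames #0 and #1 above, s=0x0). The call chain starts with nfsd decoding a file handle from a request (frames #7 to #11), so this path handles client-supplied input; strlen() should only be called when rpath is non-NULL.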

         } else if (rpath || rino) { 
                 *ino = rino; 
                 *ppath = rpath; 
                 *pathlen = strlen(rpath);
