1
linux/net
OGAWA Hirofumi a271c5a0de NFS: Ensure that rpc_release_resources_task() can be called twice.
BUG: atomic_dec_and_test(): -1: atomic counter underflow at:
Pid: 2827, comm: mount.nfs Not tainted 2.6.38 #1
Call Trace:
 [<ffffffffa02223a0>] ? put_rpccred+0x44/0x14e [sunrpc]
 [<ffffffffa021bbe9>] ? rpc_ping+0x4e/0x58 [sunrpc]
 [<ffffffffa021c4a5>] ? rpc_create+0x481/0x4fc [sunrpc]
 [<ffffffffa022298a>] ? rpcauth_lookup_credcache+0xab/0x22d [sunrpc]
 [<ffffffffa028be8c>] ? nfs_create_rpc_client+0xa6/0xeb [nfs]
 [<ffffffffa028c660>] ? nfs4_set_client+0xc2/0x1f9 [nfs]
 [<ffffffffa028cd3c>] ? nfs4_create_server+0xf2/0x2a6 [nfs]
 [<ffffffffa0295d07>] ? nfs4_remote_mount+0x4e/0x14a [nfs]
 [<ffffffff810dd570>] ? vfs_kern_mount+0x6e/0x133
 [<ffffffffa029605a>] ? nfs_do_root_mount+0x76/0x95 [nfs]
 [<ffffffffa029643d>] ? nfs4_try_mount+0x56/0xaf [nfs]
 [<ffffffffa0297434>] ? nfs_get_sb+0x435/0x73c [nfs]
 [<ffffffff810dd59b>] ? vfs_kern_mount+0x99/0x133
 [<ffffffff810dd693>] ? do_kern_mount+0x48/0xd8
 [<ffffffff810f5b75>] ? do_mount+0x6da/0x741
 [<ffffffff810f5c5f>] ? sys_mount+0x83/0xc0
 [<ffffffff8100293b>] ? system_call_fastpath+0x16/0x1b

Well, so, I think this is real bug of nfs codes somewhere. With some
review, the code

rpc_call_sync()
    rpc_run_task
        rpc_execute()
            __rpc_execute()
                rpc_release_task()
                    rpc_release_resources_task()
                        put_rpccred()                <= release cred
    rpc_put_task
        rpc_do_put_task()
            rpc_release_resources_task()
                put_rpccred()                        <= release cred again

seems to be release cred unintendedly.

Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2011-03-27 17:55:36 +02:00
..
9p [net/9p]: Introduce basic flow-control for VirtIO transport. 2011-03-22 16:32:50 -05:00
802
8021q vlan: should take into account needed_headroom 2011-03-18 15:13:12 -07:00
appletalk net/appletalk: fix atalk_release use after free 2011-03-21 18:18:00 -07:00
atm ipv4: Create and use route lookup helpers. 2011-03-12 15:08:42 -08:00
ax25
batman-adv Merge branch 'batman-adv/next' of git://git.open-mesh.org/ecsv/linux-merge 2011-03-07 00:37:13 -08:00
bluetooth Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2011-03-18 10:35:30 -07:00
bridge bridge: Fix possibly wrong MLD queries' ethernet source address 2011-03-22 19:26:42 -07:00
caif
can
ceph libceph: add lingering request and watch/notify event framework 2011-03-22 11:33:55 -07:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2011-03-25 21:02:22 -07:00
dcb net: dcbnl: Update copyright dates 2011-03-14 17:02:42 -07:00
dccp net: Put fl6_* macros to struct flowi6 and use them again. 2011-03-12 15:08:55 -08:00
decnet decnet: Convert to use flowidn where applicable. 2011-03-12 15:08:55 -08:00
dns_resolver DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076] 2011-03-04 09:56:19 +11:00
dsa dsa/mv88e6060: support nonzero mii base address 2011-03-08 14:24:20 -08:00
econet econet: 4 byte infoleak to the network 2011-03-18 15:12:15 -07:00
ethernet
ieee802154
ipv4 ipv4: Fix nexthop caching wrt. scoping. 2011-03-24 18:06:47 -07:00
ipv6 ipv6: ip6_route_output does not modify sk parameter, so make it const 2011-03-22 19:17:36 -07:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda
iucv
key pfkey: fix warning 2011-03-01 22:51:52 -08:00
l2tp l2tp: fix possible oops on l2tp_eth module unload 2011-03-21 18:10:25 -07:00
lapb
llc llc: avoid skb_clone() if there is only one handler 2011-02-28 12:28:50 -08:00
mac80211 mac80211: initialize sta->last_rx in sta_info_alloc 2011-03-21 15:19:50 -04:00
netfilter IPVS: Use global mutex in ip_vs_app.c 2011-03-21 20:39:24 -07:00
netlabel netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms 2011-03-03 10:55:40 -08:00
netlink Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-03-03 21:27:42 -08:00
netrom
packet af_packet: struct socket declared/assigned but unused 2011-03-07 15:51:13 -08:00
phonet Phonet: fix aligned-mode pipe socket buffer header reserve 2011-03-15 14:55:49 -07:00
rds rds: use little-endian bitops 2011-03-23 19:46:16 -07:00
rfkill
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-03-16 16:29:25 -07:00
sched ipv4: Remove flowi from struct rtable. 2011-03-04 21:55:31 -08:00
sctp ipv6: Convert to use flowi6 where applicable. 2011-03-12 15:08:54 -08:00
sunrpc NFS: Ensure that rpc_release_resources_task() can be called twice. 2011-03-27 17:55:36 +02:00
tipc tipc: delete extra semicolon blocking node deletion 2011-03-14 12:21:12 -04:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-03-16 16:29:25 -07:00
wanrouter
wimax
wireless Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2011-03-15 14:16:48 -04:00
x25 x25: remove the BKL 2011-03-05 10:55:45 +01:00
xfrm xfrm: Fix initialize repl field of struct xfrm_state 2011-03-21 18:08:28 -07:00
compat.c
Kconfig
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c
socket.c ethtool: Compat handling for struct ethtool_rxnfc 2011-03-18 15:13:11 -07:00
sysctl_net.c
TUNABLE