Details
-
Bug
-
Resolution: Fixed
-
Minor
-
Lustre 2.5.0
-
64-bit SPARC T2000
lustre: 2.3.64 (vanilla + epsilon)
kernel: patchless_client
build: --PRISTINE-2.6.32.27.8dc3820 (client only)
-
3
-
7864
Description
I looks like our use of set_fs() may cause SPARC kernels to oops during userspace access.
[root@t2000-08 lustre]# lfs setstripe -c2 f2
Killed
Kernel unaligned access at TPC[5c38fc] copy_user_page+0x5c/0x6c
Unable to handle kernel paging request in mna handler
at virtual address 0000000000003fff
current->{active_,}mm->context = 0000000000001542
current->{active_,}mm->pgd = fffff803eaa24000
\|/ ____ \|/
"@'/ .. \`@"
/_| \__/ |_\
\__U_/
lfs(16862): Oops [#1]
TSTATE: 0000000080001601 TPC: 00000000005c38fc TNPC: 00000000005c3900 Y: fffffffe Not t
ainted
TPC: <copy_user_page+0x5c/0x6c>
g0: fffff8031018ef31 g1: 0000000000000080 g2: fffff8031018c008 g3: 0000000000003fff
g4: fffff803f6c1f7e0 g5: fffff8000888c000 g6: fffff8031018c000 g7: 0000000000004000
o0: fffff8031018f838 o1: 000007feffdd1164 o2: 000000000000001f o3: ffffffffffddf97c
o4: 000007feffdd1164 o5: 00000000101a8000 sp: fffff8031018ef81 ret_pc: 0000000010d46040
RPC: <lov_getstripe+0x80/0xbc0 [lov]>
l0: fffff8031018f838 l1: 0000000000000011 l2: fffff8031018f880 l3: 00000000101a8000
l4: 00000000101a8000 l5: fffff803ec74d400 l6: fffff8031018c000 l7: 000007feffdd1164
i0: fffff803ec74d400 i1: fffff803e9ef9800 i2: 000007feffdd1164 i3: 0000000002000004
i4: fffff803f586aed8 i5: fffff8031018fa10 i6: fffff8031018f081 i7: 0000000010d3d148
I7: <lov_iocontrol+0x2e8/0x35e0 [lov]>
Disabling lock debugging due to kernel taint
Caller[0000000010d3d148]: lov_iocontrol+0x2e8/0x35e0 [lov]
Caller[0000000010dffb04]: ll_lov_setstripe+0x224/0x8a0 [lustre]
Caller[0000000010e0bcc8]: ll_file_ioctl+0x14e8/0x44a0 [lustre]
Caller[0000000000503a04]: vfs_ioctl+0x20/0x8c
Caller[000000000050403c]: do_vfs_ioctl+0x528/0x570
Caller[00000000005040cc]: SyS_ioctl+0x48/0x74
Caller[0000000000406254]: linux_sparc_syscall+0x34/0x44
Caller[0000000000124b0c]: 0x124b0c
Instruction DUMP: d0f0cb00 c2f00b80 8143e040 <d2f0cb00> c4f00b80 8143e040 8d92a000 10680053 01000000
If the call to set_fs() is removed from lov_getstripe() then there is no oops here. It seems that with address limit set to KERNEL_DS strict alignment restrictions are in effect during copy_to_user(), but I have not confirmed that.
The good news is that there is no reason the change the address limits in lov_getstripe() since the relevant pointer only comes from userspace, and thus that the call to set_fs() can be removed.