[LU-3221] calling set_fs(KERNEL_DS) may break copy_from_user() on SPARC Created: 24/Apr/13 Updated: 11/Jun/13 Resolved: 11/Jun/13 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.5.0 |
| Fix Version/s: | Lustre 2.5.0 |
| Type: | Bug | Priority: | Minor |
| Reporter: | John Hammond | Assignee: | John Hammond |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | lov, sparc | ||
| Environment: |
64-bit SPARC T2000 |
||
| Severity: | 3 |
| Rank (Obsolete): | 7864 |
| Description |
|
I looks like our use of set_fs() may cause SPARC kernels to oops during userspace access. [root@t2000-08 lustre]# lfs setstripe -c2 f2
Killed
Kernel unaligned access at TPC[5c38fc] copy_user_page+0x5c/0x6c
Unable to handle kernel paging request in mna handler
at virtual address 0000000000003fff
current->{active_,}mm->context = 0000000000001542
current->{active_,}mm->pgd = fffff803eaa24000
\|/ ____ \|/
"@'/ .. \`@"
/_| \__/ |_\
\__U_/
lfs(16862): Oops [#1]
TSTATE: 0000000080001601 TPC: 00000000005c38fc TNPC: 00000000005c3900 Y: fffffffe Not t
ainted
TPC: <copy_user_page+0x5c/0x6c>
g0: fffff8031018ef31 g1: 0000000000000080 g2: fffff8031018c008 g3: 0000000000003fff
g4: fffff803f6c1f7e0 g5: fffff8000888c000 g6: fffff8031018c000 g7: 0000000000004000
o0: fffff8031018f838 o1: 000007feffdd1164 o2: 000000000000001f o3: ffffffffffddf97c
o4: 000007feffdd1164 o5: 00000000101a8000 sp: fffff8031018ef81 ret_pc: 0000000010d46040
RPC: <lov_getstripe+0x80/0xbc0 [lov]>
l0: fffff8031018f838 l1: 0000000000000011 l2: fffff8031018f880 l3: 00000000101a8000
l4: 00000000101a8000 l5: fffff803ec74d400 l6: fffff8031018c000 l7: 000007feffdd1164
i0: fffff803ec74d400 i1: fffff803e9ef9800 i2: 000007feffdd1164 i3: 0000000002000004
i4: fffff803f586aed8 i5: fffff8031018fa10 i6: fffff8031018f081 i7: 0000000010d3d148
I7: <lov_iocontrol+0x2e8/0x35e0 [lov]>
Disabling lock debugging due to kernel taint
Caller[0000000010d3d148]: lov_iocontrol+0x2e8/0x35e0 [lov]
Caller[0000000010dffb04]: ll_lov_setstripe+0x224/0x8a0 [lustre]
Caller[0000000010e0bcc8]: ll_file_ioctl+0x14e8/0x44a0 [lustre]
Caller[0000000000503a04]: vfs_ioctl+0x20/0x8c
Caller[000000000050403c]: do_vfs_ioctl+0x528/0x570
Caller[00000000005040cc]: SyS_ioctl+0x48/0x74
Caller[0000000000406254]: linux_sparc_syscall+0x34/0x44
Caller[0000000000124b0c]: 0x124b0c
Instruction DUMP: d0f0cb00 c2f00b80 8143e040 <d2f0cb00> c4f00b80 8143e040 8d92a000 10680053 01000000
If the call to set_fs() is removed from lov_getstripe() then there is no oops here. It seems that with address limit set to KERNEL_DS strict alignment restrictions are in effect during copy_to_user(), but I have not confirmed that. The good news is that there is no reason the change the address limits in lov_getstripe() since the relevant pointer only comes from userspace, and thus that the call to set_fs() can be removed. |
| Comments |
| Comment by John Hammond [ 24/Apr/13 ] |
|
Please see http://review.whamcloud.com/6150. |
| Comment by Andreas Dilger [ 25/Apr/13 ] |
This was not the case in earlier versions of Lustre, since the LOV code was shared between the MDS and client. |
| Comment by John Hammond [ 11/Jun/13 ] |
|
Patch landed. |