https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-2900 Lustre <p>When a Lustre file system is mounted via NFS and a mkdir operation is attempted, a null pointer dereference occurs in ll_fsync.</p> <p>With 2.x, Lustre added support for different VFS fsync APIs that do not include a dentry parameter. </p> <p>To make the logic the same in all cases, the old ll_fsync interface was changed to pull the inode from the f_dentry in the file parameter. </p> <p>In some cases when using the old ll_fsync interface, the caller does not set the file parameter resulting in a NULL dereference. The fix to this is to restore the old logic in those cases: when a dentry parameter is provided, get the inode from that parameter rather than the file parameter.</p> <p>Here's the current code in llite/file.c (same throughout 2.x):</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java">#ifdef HAVE_FILE_FSYNC_4ARGS <span class="code-object">int</span> ll_fsync(struct file *file, loff_t start, loff_t end, <span class="code-object">int</span> data) #elif defined(HAVE_FILE_FSYNC_2ARGS) <span class="code-object">int</span> ll_fsync(struct file *file, <span class="code-object">int</span> data) #<span class="code-keyword">else</span> <span class="code-object">int</span> ll_fsync(struct file *file, struct dentry *dentry, <span class="code-object">int</span> data) #endif { struct inode *inode = file-&gt;f_dentry-&gt;d_inode; struct ll_inode_info *lli = ll_i2info(inode); </pre> </div></div> <p>Here's the proposed fix:</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java">/* * When dentry is provided (the <span class="code-quote">'<span class="code-keyword">else</span>'</span> <span class="code-keyword">case</span>), *file may be <span class="code-keyword">null</span> * and dentry must be used directly rather than pulled from *file * as is done otherwise. */ #ifdef HAVE_FILE_FSYNC_4ARGS <span class="code-object">int</span> ll_fsync(struct file *file, loff_t start, loff_t end, <span class="code-object">int</span> data) #elif defined(HAVE_FILE_FSYNC_2ARGS) <span class="code-object">int</span> ll_fsync(struct file *file, <span class="code-object">int</span> data) #<span class="code-keyword">else</span> <span class="code-object">int</span> ll_fsync(struct file *file, struct dentry *dentry, <span class="code-object">int</span> data) #endif { #<span class="code-keyword">if</span> defined(HAVE_FILE_FSYNC_4ARGS) || defined(HAVE_FILE_FSYNC_2ARGS) struct inode *inode = file-&gt;f_dentry-&gt;d_inode; #<span class="code-keyword">else</span> struct inode *inode = dentry-&gt;d_inode; #endif struct ll_inode_info *lli = ll_i2info(inode); </pre> </div></div> <p>The fix has been tested at Cray, both under the general acceptance-small tests and specifically for the NFS issue.</p> <p>I'll be putting the patch in Gerrit shortly.</p> SLES11SP1 (Cray Linux Environment) LU-2900

Null pointer dereference in ll_fsync (llite/file.c) from mkdir in an NFS mounted Lustre fs

Bug Major Resolved Fixed Bob Glossman Patrick Farrell NFS patch Mon, 4 Mar 2013 11:36:19 +0000 Wed, 6 Nov 2013 17:30:28 +0000 Wed, 3 Apr 2013 14:02:37 +0000 Lustre 2.0.0 Lustre 2.2.0 Lustre 2.3.0 Lustre 2.4.0 Lustre 2.1.1 Lustre 2.1.2 Lustre 2.1.3 Lustre 2.1.4 Lustre 2.4.0 0 5 <p>Bob,<br/> There is no need for a 2.4 patch unless this is also happening with SLES11SP2.</p> <p>I don't think this will happen in SLES11SP2. From the description and the proposed fix, this only occurs when neither HAVE_FILE_FSYNC_4ARGS or HAVE_FILE_FSYNC_2ARGS is #define'd. In SLES11SP2 HAVE_FILE_FSYNC_4ARGS is #define'd so the existing code should work fine.</p> <p>Here's the Gerrit link:<br/> <a href="http://review.whamcloud.com/#change,5582" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/#change,5582</a></p> <p>Bob correctly commented on the patch in Gerrit that the file* is not null - That's my error here.</p> <p>It is, in fact, the file-&gt;f_dentry pointer that is sometimes null. The file pointer is always present. <br/> The code the changes remains the same, but the comments have been changed to reflect this.</p> <p>My apologies for the error!</p> <p>Here is the new patch:<br/> <a href="http://review.whamcloud.com/5585" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/5585</a></p> <p>Just FYI you could have just amended your original commit &amp; pushed it again. It would have shown up as Patch Set 2 in the original gerrit change. Somewhat simpler than abandoning one change and creating a whole new one.</p> <p>I don't see how to close this - or if that's possible for me - but the patch has been accepted by Oleg and is in master, so this should be closed.</p> <p>Thanks!</p> <p>Patch landed to master.</p> Duplicate LU-1334 Development Rank 1|hzvk4v: Rank (Obsolete) 6987 Severity