SUSE Support

Here When You Need Us

null pointer dereference in nfs_lookup_revalidate

This document (7011866) is provided subject to the disclaimer at the end of this document.

Environment


SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP1

Situation

The system panics and leaves a backtrace with:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
and
RIP: 0010:[<ffffffffa02a6fe9>]  [<ffffffffa02a6fe9>] nfs_lookup_revalidate+0x219/0x500 [nfs]

 #0 [] machine_kexec at ffffffff81020ac2
 #1 [] crash_kexec at ffffffff810887e0
 #2 [] oops_end at ffffffff8139f600
 #3 [] __bad_area_nosemaphore at ffffffff8102ed15
 #4 [] __wake_up at ffffffff8103aa73
 #5 [] page_fault at ffffffff8139e87f
    [exception RIP: nfs_lookup_revalidate+537]
    RIP: ffffffffa0374fe9  RSP: ffff880bd2275c28  RFLAGS: 00010246
    RAX: ffff8805f7d2a102  RBX: 0000000000000000  RCX: 0000000000000000
    RDX: 0000000000000009  RSI: 0000000000000001  RDI: ffff880c0e5cdc00
    RBP: ffff8805f7d295b0   R8: 0000000000000004   R9: ffff88060e3ba0c0
    R10: 0000000000000004  R11: ffffffff81185330  R12: ffff8805faa38500
    R13: ffff8805f6eee9b0  R14: ffff8805f6eee800  R15: ffff8805febc0180
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #6 [] nfs_lookup_revalidate at ffffffffa0374f75
 #7 [] __put_nfs_open_context at ffffffffa03790f5
 #8 [] dput at ffffffff8111279a
 #9 [] nfs_lookup_revalidate at ffffffffa037501a
#10 [] bit_waitqueue at ffffffff810657d0
#11 [] nfs_access_get_cached at ffffffffa0372c87
#12 [] nfs_do_access at ffffffffa0373059
#13 [] __lookup_hash at ffffffff811088e6
#14 [] lookup_one_len at ffffffff811095f9
#15 [] nfs_sillyrename at ffffffffa0372043
#16 [] nfs_unlink at ffffffffa0373806
#17 [] vfs_unlink at ffffffff8110a061
#18 [] do_unlinkat at ffffffff8110c8c1
#19 [] mntput_no_expire at ffffffff811199f3
#20 [] filp_close at ffffffff810fd046
#21 [] system_call_fastpath at ffffffff81002f7b

Resolution

The SLES11 SP2 kernel update to kernel 3.0.58-0.6.2.1 includes the patch to resolve the problem.
Customers with SLES11 SP1 and with a long term support contract (LTSS) can contact SUSE Technical Services to get a PTF (temporary fix) until a LTSS kernel including the patch will be released.

Cause

So far there has been no reproducible case that is known to trigger the Oops and only the backtrace with the "exception RIP: nfs_lookup_revalidate" will point to the problem.

Analysis of the Oops showed that it is due to lookup_one_len() calling down to the dentry revalidation code with a NULL pointer to struct nameidata.

The NULL pointer here is nd passed to nfs_lookup_revalidate. This is called from lookup_one_len() as NULL and nfs_lookup_revalidate() should check for nd to be NULL. The patch corrects the problem.

It affects all kernel <=3.5, and was corrected with an upstream patch submitted to kernel.org

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011866
  • Creation Date: 01-Mar-2013
  • Modified Date:14-Oct-2022
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.