Kernel Oops when issuing fcntl on an AUFS directory
Hi,
the wheezy kernel upgrade from 3.2.78-1 to 3.2.81-1 added the SETFL
fcntl support code (#627782) which unfortunately results in a kernel
Oops when the fcntl is called on a directory. This breaks e.g. copying
files from an AUFS filesystem on a remote machine using scp.
Minimal code to reproduce the problem:
#v+
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
int main (int argc, char **argv) {
const char *fname = NULL;
int fd;
if (argc != 2)
exit (1);
fname = argv[1];
fd = open (fname, O_RDONLY|O_NONBLOCK);
printf ("fd %d\n", fd);
fcntl (fd, F_SETFL, O_RDONLY);
return 0;
}
#v-
Call the program on regular a file (nothing happens) and then on a
directory (Oops).
The Oops happens in fs/fcntl.c:
#v+
if (!error && filp->f_op->owner &&
!strcmp(filp->f_op->owner->name, "aufs") &&
strstr(filp->f_op->owner->version, "+setfl"))
error = filp->f_op->setfl(filp, arg);
#v-
>From fs/aufs/inode.c:
#v+
case S_IFREG:
[...]
inode->i_fop = &aufs_file_fop;
[...]
case S_IFDIR:
[...]
inode->i_fop = &aufs_dir_fop;
#v-
The aufs_file_fop structure sets the value of the .setfl member to
aufs_setfl (f_op.c). aufs_dir_fop (dir.c) on the other hand does not.
dmesg:
#v+
[42990.915100] aufs 3.2.x+setfl-debian
[43046.383421] BUG: unable to handle kernel NULL pointer dereference at (null)
[43046.384011] IP: [< (null)>] (null)
[43046.384369] PGD 3d0f1067 PUD 3b8cc067 PMD 0
[43046.384688] Oops: 0010 [#1] SMP
[43046.385620] Call Trace:
[...]
[43046.385620] [<ffffffff81108701>] ? setfl+0xf1/0x157
[43046.385620] [<ffffffff81108b9e>] ? sys_fcntl+0x1dc/0x3b0
[43046.385620] [<ffffffff81358af2>] ? system_call_fastpath+0x16/0x1b
#v-
gdb:
#v+
0xffffffff811086d3 <+195>: callq 0xffffffff811b2bd2 <strcmp>
0xffffffff811086d8 <+200>: test %eax,%eax
0xffffffff811086da <+202>: jne 0xffffffff81108705 <setfl+245>
0xffffffff811086dc <+204>: mov 0xb0(%r13),%rdi
0xffffffff811086e3 <+211>: mov $0xffffffff814dc9e4,%rsi
0xffffffff811086ea <+218>: callq 0xffffffff811b2e25 <strstr>
0xffffffff811086ef <+223>: test %rax,%rax
0xffffffff811086f2 <+226>: je 0xffffffff81108705 <setfl+245>
0xffffffff811086f4 <+228>: mov %rbp,%rsi
0xffffffff811086f7 <+231>: mov %rbx,%rdi
0xffffffff811086fa <+234>: callq *0xd0(%r14)
0xffffffff81108701 <+241>: test %eax,%eax
#v-
Naturally it happens both on i686 and amd64.
BTW, changelog link on the package's page[1] is dead.
Interesting changelog's part:
* aufs: Make fcntl(F_SETFL, ...) work (Closes: #627782):
- for aufs: new f_op->setfl() to support fcntl(F_SETFL)
- aufs: implement new f_op->setfl()
- fs: Fix ABI change for aufs F_SETFL fix
Is there any chance for a fix in some future wheezy-lts update?
[1] https://packages.debian.org/wheezy/linux-image-3.2.0-4-amd64
--
Marcin Szewczyk
http://wodny.org
Reply to: