Project

General

Profile

Actions
Copy link

Bug #2586

closed

nfs_make_dotdot() returns sometimes EIO

Added by Simon K about 11 years ago. Updated about 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Simon K
Category:
nfs - NFS server and client
Start date:
2012-04-04
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:
External Bug:

Description

I recently stumbled over a bug in nfs4_make_dotdot() function. It occurs on openindiana 148 and 151 machines with much NFS4 traffic. My software tries to open a file and gets (approximately from every third) open() call an EIO. I found out (with dtrace) that pva = pgar.n4g_va; (http://src.illumos.org/source/xref/illumos-gate/usr/src/uts/common/fs/nfs/nfs4_subr.c#2142) points sometimes to unallocated memory. The reason is that remap_lookup() is allowed to return without any information for the parent filehandle (pgarp).

The second remap_lookup call tries to provide some information about the parent handle but nfs4_make_dotdot doesn't care about it. I'd assume that there should be one more pva = pgar.n4g_va; after that call to avoid trouble with the if() condition in line 2211.

I wrote a little patch which seems to be working in my short tests:

diff --git a/usr/src/uts/common/fs/nfs/nfs4_subr.c b/usr/src/uts/common/fs/nfs/nfs4_subr.c
index edc1602..57043a9 100644
--- a/usr/src/uts/common/fs/nfs/nfs4_subr.c
+++ b/usr/src/uts/common/fs/nfs/nfs4_subr.c
@@ -2110,8 +2110,10 @@ recov_retry:
                        goto out;
                }
        }
-       va.va_type = VNON;
-       pva.va_type = VNON;
+
+       pgar.n4g_va.va_type = VNON;
+       gar.n4g_va.va_type = VNON;
+
        remap_lookup(np, rootvp, RML_ORDINARY, cr,
            &newfh, &gar, &newpfh, &pgar, &e);
        if (nfs4_needs_recovery(&e, FALSE, mi->mi_vfsp)) {
@@ -2137,10 +2139,8 @@ recov_retry:
                goto out;
        }

-       if (!e.error) {
-               va = gar.n4g_va;
-               pva = pgar.n4g_va;
-       }
+       va = gar.n4g_va;
+       pva = pgar.n4g_va;

        if ((e.error != 0) ||
            (va.va_type != VDIR)) {
@@ -2173,6 +2173,8 @@ recov_retry:
                if (pnp != NULL) {
                        remap_lookup(pnp, rootvp, RML_ORDINARY, cr,
                            &newpfh, &pgar, NULL, NULL, &e);
+                       pva = pgar.n4g_va;
+
                        if (nfs4_needs_recovery(&e, FALSE,
                            mi->mi_vfsp)) {
                                if (need_start_op) {
Actions
Copy link
 #1

Updated by Rich Lowe about 11 years ago

  • Status changed from New to Pending RTI
Actions
Copy link
 #2

Updated by Albert Lee about 11 years ago

  • Status changed from Pending RTI to Resolved
  • Assignee set to Simon K
  • % Done changed from 0 to 100

Fixed in:
changeset: 13661:34a2ada0dd49
tag: tip
user: Simon Klinkert <>
date: Thu Apr 05 16:16:24 2012 +0200
files: usr/src/uts/common/fs/nfs/nfs4_subr.c
description:
2586 nfs_make_dotdot() returns sometimes EIO
Reviewed by: Garrett D'Amore <>
Reviewed by: Jeff Biseda <>
Reviewed by: Gary Mills <>
Reviewed by: Dan Kruchinin <>
Approved by: Albert Lee <>

Actions
Copy link

Also available in: Atom PDF