在 2025/2/21 00:47, Jeff Layton 写道:
Most of the nfsd4_run_cb() callers are converted to use this new flag or
the nfsd4_try_run_cb() wrapper. The main exception is the callback
channel probe, which has its own synchronization.
Hi Jeff:
We had a null-ptr-deref in nfsd4_probe_callback():
[24225.738349] Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000000
...
[24225.803480] Call trace:
[24225.804639] __queue_work+0xb4/0x558
[24225.805949] queue_work_on+0x88/0x90
[24225.807306] nfsd4_probe_callback+0x4c/0x58 [nfsd]
[24225.808896] nfsd4_probe_callback_sync+0x20/0x38 [nfsd]
[24225.808909] nfsd4_init_conn.isra.57+0x8c/0xa8 [nfsd]
[24225.815204] nfsd4_create_session+0x5b8/0x718 [nfsd]
[24225.817711] nfsd4_proc_compound+0x4c0/0x710 [nfsd]
[24225.819329] nfsd_dispatch+0x104/0x248 [nfsd]
[24225.820742] svc_process_common+0x348/0x808 [sunrpc]
[24225.822294] svc_process+0xb0/0xc8 [sunrpc]
[24225.823760] nfsd+0xf0/0x160 [nfsd]
[24225.825006] kthread+0x134/0x138
[24225.826336] ret_from_fork+0x10/0x18
Is this patch or patchset can fix this issue? And I'm having trouble
understanding the commit message "callback channel probe has its own
synchronization", I'd appreciate it if you could explain in more detail.
Thanks,
ChenXiaoSong.
