* [PATCH] [2.6] Make reiserfs not to crash on oom
@ 2004-05-12 16:50 Oleg Drokin
2004-05-12 18:01 ` Dave Jones
2004-05-12 18:31 ` Chris Mason
0 siblings, 2 replies; 5+ messages in thread
From: Oleg Drokin @ 2004-05-12 16:50 UTC (permalink / raw)
To: akpm, linux-kernel, mason, reiserfs-dev
Hello!
Thanks to Standford guys, a case where reiserfs can dereference NULL pointer
if memory allocation fail during mount was identified.
Here's 2.6 version of patch.
Bye,
Oleg
===== fs/reiserfs/journal.c 1.91 vs edited =====
--- 1.91/fs/reiserfs/journal.c Mon May 10 14:25:42 2004
+++ edited/fs/reiserfs/journal.c Wed May 12 19:28:18 2004
@@ -2260,8 +2260,10 @@
INIT_LIST_HEAD (&SB_JOURNAL(p_s_sb)->j_prealloc_list);
INIT_LIST_HEAD(&SB_JOURNAL(p_s_sb)->j_working_list);
INIT_LIST_HEAD(&SB_JOURNAL(p_s_sb)->j_journal_list);
- reiserfs_allocate_list_bitmaps(p_s_sb, SB_JOURNAL(p_s_sb)->j_list_bitmap,
- SB_BMAP_NR(p_s_sb)) ;
+ if (reiserfs_allocate_list_bitmaps(p_s_sb,
+ SB_JOURNAL(p_s_sb)->j_list_bitmap,
+ SB_BMAP_NR(p_s_sb)))
+ goto free_and_return ;
allocate_bitmap_nodes(p_s_sb) ;
/* reserved for journal area support */
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] [2.6] Make reiserfs not to crash on oom
2004-05-12 16:50 [PATCH] [2.6] Make reiserfs not to crash on oom Oleg Drokin
@ 2004-05-12 18:01 ` Dave Jones
2004-05-12 18:20 ` Oleg Drokin
2004-05-12 18:31 ` Chris Mason
1 sibling, 1 reply; 5+ messages in thread
From: Dave Jones @ 2004-05-12 18:01 UTC (permalink / raw)
To: Oleg Drokin; +Cc: akpm, linux-kernel, mason, reiserfs-dev
On Wed, May 12, 2004 at 07:50:38PM +0300, Oleg Drokin wrote:
> Hello!
>
> Thanks to Standford guys, a case where reiserfs can dereference NULL pointer
> if memory allocation fail during mount was identified.
>
> @@ -2260,8 +2260,10 @@
> INIT_LIST_HEAD (&SB_JOURNAL(p_s_sb)->j_prealloc_list);
> INIT_LIST_HEAD(&SB_JOURNAL(p_s_sb)->j_working_list);
> INIT_LIST_HEAD(&SB_JOURNAL(p_s_sb)->j_journal_list);
> - reiserfs_allocate_list_bitmaps(p_s_sb, SB_JOURNAL(p_s_sb)->j_list_bitmap,
> - SB_BMAP_NR(p_s_sb)) ;
> + if (reiserfs_allocate_list_bitmaps(p_s_sb,
> + SB_JOURNAL(p_s_sb)->j_list_bitmap,
> + SB_BMAP_NR(p_s_sb)))
> + goto free_and_return ;
> allocate_bitmap_nodes(p_s_sb) ;
Are you leaking the 'journal' allocation here?
(Ditto some of the other failure paths too)
There's also a typod 'jornal' a few lines further down.
Dave
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] [2.6] Make reiserfs not to crash on oom
2004-05-12 18:01 ` Dave Jones
@ 2004-05-12 18:20 ` Oleg Drokin
2004-05-12 18:22 ` Dave Jones
0 siblings, 1 reply; 5+ messages in thread
From: Oleg Drokin @ 2004-05-12 18:20 UTC (permalink / raw)
To: Dave Jones, akpm, linux-kernel, mason, reiserfs-dev
Hello!
On Wed, May 12, 2004 at 07:01:45PM +0100, Dave Jones wrote:
> > Thanks to Standford guys, a case where reiserfs can dereference NULL pointer
> > if memory allocation fail during mount was identified.
> >
> > @@ -2260,8 +2260,10 @@
> > INIT_LIST_HEAD (&SB_JOURNAL(p_s_sb)->j_prealloc_list);
> > INIT_LIST_HEAD(&SB_JOURNAL(p_s_sb)->j_working_list);
> > INIT_LIST_HEAD(&SB_JOURNAL(p_s_sb)->j_journal_list);
> > - reiserfs_allocate_list_bitmaps(p_s_sb, SB_JOURNAL(p_s_sb)->j_list_bitmap,
> > - SB_BMAP_NR(p_s_sb)) ;
> > + if (reiserfs_allocate_list_bitmaps(p_s_sb,
> > + SB_JOURNAL(p_s_sb)->j_list_bitmap,
> > + SB_BMAP_NR(p_s_sb)))
> > + goto free_and_return ;
> > allocate_bitmap_nodes(p_s_sb) ;
> Are you leaking the 'journal' allocation here?
> (Ditto some of the other failure paths too)
No, there is "vfree(SB_JOURNAL(p_s_sb)) ;" at the end of free_journal_ram()
that is called if we jump to that free_and_return label.
> There's also a typod 'jornal' a few lines further down.
Yup. Fortunatelly it does not break anything ;)
If somebody to catch all typos and misspellings in reiserfs code, that would
worth a separate patch (and it will be big).
Bye,
Oleg
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] [2.6] Make reiserfs not to crash on oom
2004-05-12 18:20 ` Oleg Drokin
@ 2004-05-12 18:22 ` Dave Jones
0 siblings, 0 replies; 5+ messages in thread
From: Dave Jones @ 2004-05-12 18:22 UTC (permalink / raw)
To: Oleg Drokin; +Cc: akpm, linux-kernel, mason, reiserfs-dev
On Wed, May 12, 2004 at 09:20:35PM +0300, Oleg Drokin wrote:
> > (Ditto some of the other failure paths too)
> No, there is "vfree(SB_JOURNAL(p_s_sb)) ;" at the end of free_journal_ram()
> that is called if we jump to that free_and_return label.
Ah, I overlooked the double assignment of the vmalloc result 8)
Dave
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] [2.6] Make reiserfs not to crash on oom
2004-05-12 16:50 [PATCH] [2.6] Make reiserfs not to crash on oom Oleg Drokin
2004-05-12 18:01 ` Dave Jones
@ 2004-05-12 18:31 ` Chris Mason
1 sibling, 0 replies; 5+ messages in thread
From: Chris Mason @ 2004-05-12 18:31 UTC (permalink / raw)
To: Oleg Drokin; +Cc: akpm, linux-kernel, reiserfs-dev
On Wed, 2004-05-12 at 12:50, Oleg Drokin wrote:
> Hello!
>
> Thanks to Standford guys, a case where reiserfs can dereference NULL pointer
> if memory allocation fail during mount was identified.
>
> Here's 2.6 version of patch.
Thanks Oleg, this looks right.
-chris
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2004-05-12 18:31 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-05-12 16:50 [PATCH] [2.6] Make reiserfs not to crash on oom Oleg Drokin
2004-05-12 18:01 ` Dave Jones
2004-05-12 18:20 ` Oleg Drokin
2004-05-12 18:22 ` Dave Jones
2004-05-12 18:31 ` Chris Mason
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.