Re: 2.6.23-rc7-mm1 - 'touch' command causes Oops.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Christoph Hellwig <hch@infradead.org>
To: Valdis.Kletnieks@vt.edu
Cc: Andrew Morton <akpm@linux-foundation.org>, linux-kernel@vger.kernel.org
Subject: Re: 2.6.23-rc7-mm1 - 'touch' command causes Oops.
Date: Mon, 24 Sep 2007 13:05:08 +0100	[thread overview]
Message-ID: <20070924120508.GA15648@infradead.org> (raw)
In-Reply-To: <3339.1190630150@turing-police.cc.vt.edu>

On Mon, Sep 24, 2007 at 06:35:50AM -0400, Valdis.Kletnieks@vt.edu wrote:
> On Mon, 24 Sep 2007 02:17:16 PDT, Andrew Morton said:
> 
> > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.23-rc7/2.6.23-rc7-mm1/
> 
> It lived fast, it died young, it didn't leave a pretty corpse...
> 
> Something in the startup scripts did a 'touch', and ker-blam.
> [   15.668000] Call Trace:
> [   15.668000]  [<ffffffff802a4d20>] mnt_want_write+0x49/0xb5
> [   15.668000]  [<ffffffff802ad288>] do_utimes+0xd0/0x220
> [   15.668000]  [<ffffffff8035437b>] __up_read+0x7a/0x83
> [   15.668000]  [<ffffffff8024b1af>] up_read+0x9/0xb
> [   15.668000]  [<ffffffff8051977c>] do_page_fault+0x421/0x7d0
> [   15.668000]  [<ffffffff8028b370>] do_filp_open+0x36/0x46
> [   15.668000]  [<ffffffff802ad519>] sys_utimensat+0x8b/0xa5
> [   15.668000]  [<ffffffff80517a4d>] error_exit+0x0/0x84
> [   15.668000]  [<ffffffff8020c10e>] system_call+0x7e/0x83

do_times passes an unitialized vfsmount into mnt_want_write.  Here's
the quick fix (untested), but the right fix is to restructure the complete
mess do_utimes is (never let a libc developer write your kernel code.. :)):


Index: linux-2.6.23-rc6/fs/utimes.c
===================================================================
--- linux-2.6.23-rc6.orig/fs/utimes.c	2007-09-24 14:02:24.000000000 +0200
+++ linux-2.6.23-rc6/fs/utimes.c	2007-09-24 14:03:57.000000000 +0200
@@ -59,6 +59,7 @@ long do_utimes(int dfd, char __user *fil
 	struct inode *inode;
 	struct iattr newattrs;
 	struct file *f = NULL;
+	struct vfsmount *mnt;
 
 	error = -EINVAL;
 	if (times && (!nsec_valid(times[0].tv_nsec) ||
@@ -79,17 +80,19 @@ long do_utimes(int dfd, char __user *fil
 		if (!f)
 			goto out;
 		dentry = f->f_path.dentry;
+		mnt = f->f_path.mnt;
 	} else {
 		error = __user_walk_fd(dfd, filename, (flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW, &nd);
 		if (error)
 			goto out;
 
 		dentry = nd.dentry;
+		mnt = nd.mnt;
 	}
 
 	inode = dentry->d_inode;
 
-	error = mnt_want_write(nd.mnt);
+	error = mnt_want_write(mnt);
 	if (error)
 		goto dput_and_out;

next prev parent reply	other threads:[~2007-09-24 12:05 UTC|newest]

Thread overview: 84+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-09-24  9:17 2.6.23-rc7-mm1 Andrew Morton
2007-09-24 10:07 ` 2.6.23-rc7-mm1 Kamalesh Babulal
2007-09-24 21:02   ` 2.6.23-rc7-mm1 Sam Ravnborg
2007-09-24 21:36     ` 2.6.23-rc7-mm1 Sam Ravnborg
2007-09-24 23:27       ` 2.6.23-rc7-mm1 Kamalesh Babulal
2007-09-24 10:35 ` 2.6.23-rc7-mm1 - 'touch' command causes Oops Valdis.Kletnieks
2007-09-24 11:08   ` Balbir Singh
2007-09-24 12:05   ` Christoph Hellwig [this message]
2007-09-24 12:58     ` Valdis.Kletnieks
2007-09-24 15:45       ` Dave Hansen
2007-09-24 16:08         ` Valdis.Kletnieks
2007-09-24 11:30 ` [-mm Patch] net/bluetooth/hidp/core.c: Make hidp_setup_input() return int WANG Cong
2007-09-24 22:18   ` [Bluez-devel] " Marcel Holtmann
2007-09-24 22:18     ` Marcel Holtmann
2007-09-26  5:57     ` David Miller
2007-09-24 11:42 ` 2.6.23-rc7-mm1 Kamalesh Babulal
2007-09-24 12:32 ` 2.6.23-rc7-mm1 -- s390 compile failures Andy Whitcroft
2007-09-24 12:49   ` Cedric Le Goater
2007-09-24 12:33 ` 2.6.23-rc7-mm1 Jiri Slaby
2007-09-24 14:41   ` [linux-usb-devel] 2.6.23-rc7-mm1 Alan Stern
2007-09-24 18:45     ` Jiri Slaby
2007-09-24 19:06       ` Alan Stern
2007-09-24 19:18         ` Jiri Slaby
2007-09-24 19:41           ` Alan Stern
2007-09-30  8:26             ` Jiri Slaby
2007-09-24 12:35 ` 2.6.23-rc7-mm1 -- powerpc rtas panic Andy Whitcroft
2007-09-24 12:35   ` Andy Whitcroft
2007-10-02 23:28   ` Linas Vepstas
2007-10-02 23:28     ` Linas Vepstas
2007-10-03  0:26     ` Tony Breeds
2007-10-03  0:26       ` Tony Breeds
2007-10-03  0:30       ` Michael Ellerman
2007-10-03  0:30         ` Michael Ellerman
2007-10-03  1:19         ` Tony Breeds
2007-10-03  1:19           ` Tony Breeds
2007-10-03  4:09           ` Michael Ellerman
2007-10-03  4:09             ` Michael Ellerman
2007-10-03 18:50             ` Linas Vepstas
2007-10-03 18:50               ` Linas Vepstas
2007-10-05  0:01           ` Nish Aravamudan
2007-10-05  0:01             ` Nish Aravamudan
2007-10-05 16:03             ` Linas Vepstas
2007-10-05 16:03               ` Linas Vepstas
2007-10-08  3:47               ` Nish Aravamudan
2007-10-08  3:47                 ` Nish Aravamudan
2007-09-24 12:47 ` 2.6.23-rc7-mm1 Cedric Le Goater
2007-09-24 16:56   ` 2.6.23-rc7-mm1 Jens Axboe
2007-09-24 12:55 ` 2.6.23-rc7-mm1 Kamalesh Babulal
2007-09-24 13:10   ` 2.6.23-rc7-mm1 Pavel Emelyanov
2007-09-24 13:21     ` 2.6.23-rc7-mm1 Balbir Singh
2007-09-24 15:34       ` 2.6.23-rc7-mm1 Pavel Emelyanov
2007-09-24 16:10         ` 2.6.23-rc7-mm1 Balbir Singh
2007-09-24 13:00 ` 2.6.23-rc7-mm1 Cedric Le Goater
2007-09-24 13:10   ` 2.6.23-rc7-mm1 Cedric Le Goater
2007-09-24 13:29     ` 2.6.23-rc7-mm1 Vlad Yasevich
2007-09-24 16:58       ` 2.6.23-rc7-mm1 Jens Axboe
2007-09-24 16:57     ` 2.6.23-rc7-mm1 Jens Axboe
2007-09-24 13:13 ` 2.6.23-rc7-mm1 Kamalesh Babulal
2007-09-24 16:44   ` 2.6.23-rc7-mm1 Andrew Morton
2007-09-24 16:57     ` 2.6.23-rc7-mm1 Peter Zijlstra
2007-09-24 17:08       ` 2.6.23-rc7-mm1 Kamalesh Babulal
2007-09-24 19:20         ` 2.6.23-rc7-mm1 Peter Zijlstra
2007-09-25 11:05           ` 2.6.23-rc7-mm1 Peter Zijlstra
2007-09-25 13:07             ` 2.6.23-rc7-mm1 Kamalesh Babulal
2007-09-24 13:17 ` [PATCH rc7-mm1] fix BUG at mm/swap.c:405! Hugh Dickins
2007-09-24 14:52 ` 2.6.23-rc7-mm1 Reuben Farrelly
2007-09-24 16:59   ` 2.6.23-rc7-mm1 Andrew Morton
2007-09-24 17:12     ` 2.6.23-rc7-mm1 J. Bruce Fields
2007-09-24 21:31       ` 2.6.23-rc7-mm1 Reuben Farrelly
2007-09-24 15:18 ` 2.6.23-rc7-mm1 ia64 build issue in efi.c Bob Picco
2007-09-24 19:07 ` 2.6.23-rc7-mm1 Torsten Kaiser
2007-09-24 19:34   ` 2.6.23-rc7-mm1 Andrew Morton
2007-09-24 20:25     ` 2.6.23-rc7-mm1 Thomas Gleixner
2007-09-25  7:32       ` 2.6.23-rc7-mm1 Torsten Kaiser
2007-09-25  7:44         ` 2.6.23-rc7-mm1 Thomas Gleixner
2007-09-24 19:41 ` 2.6.23-rc7-mm1 Kamalesh Babulal
2007-09-25 10:23   ` 2.6.23-rc7-mm1 Mel Gorman
2007-09-25 10:31     ` 2.6.23-rc7-mm1 Jens Axboe
2007-09-25 11:15       ` 2.6.23-rc7-mm1 Mel Gorman
2007-09-25 11:23         ` 2.6.23-rc7-mm1 Jens Axboe
2007-09-24 20:10 ` 2.6.23-rc7-mm1: build error with CONFIG_KEXEC=y and CONFIG_NOHIGHMEM=y Laurent Riffard
2007-09-24 23:11   ` Randy Dunlap
2007-09-24 23:11     ` Randy Dunlap
2007-09-24 22:20 ` 2.6.23-rc7-mm1 Kamalesh Babulal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070924120508.GA15648@infradead.org \
    --to=hch@infradead.org \
    --cc=Valdis.Kletnieks@vt.edu \
    --cc=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.