From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andrew Price
Date: Mon, 09 Feb 2015 10:45:51 +0000
Subject: [Cluster-devel] 3.18.5 kernel panic: fs/gfs2/acl.c:76
In-Reply-To: <73758762.196941.1423266647719.JavaMail.zimbra@redhat.com>
References: <73758762.196941.1423266647719.JavaMail.zimbra@redhat.com>
Message-ID: <54D88FDF.4030206@redhat.com>
List-Id:
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On 06/02/15 23:50, Andreas Gruenbacher wrote:
> Andrew,
>
>> 3.18.5 kernel crashing on acl deletion:
>>
>> null pointer dereference in fs/gfs2/acl.c:76
>
> this bug seems to exist since commit 2646a1f6 from October 2009.

The if-statement originates in 2646a1f6, but the bug was introduced by the
deletion of a NULL check in e01580bf9e, which was in December 2013.

>> fix we're using currently:
>>
>> ---
>> fs/gfs2/acl.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/fs/gfs2/acl.c b/fs/gfs2/acl.c
>> index 3088e2a..8339754 100644
>> --- a/fs/gfs2/acl.c
>> +++ b/fs/gfs2/acl.c
>> @@ -73,7 +73,7 @@ int gfs2_set_acl(struct inode *inode, struct posix_acl
>> *acl, int type)
>>
>> BUG_ON(name == NULL);
>>
>> - if (acl->a_count > GFS2_ACL_MAX_ENTRIES(GFS2_SB(inode)))
>> + if ((acl) && (acl->a_count > GFS2_ACL_MAX_ENTRIES(GFS2_SB(inode))))
>> return -E2BIG;
>>
>> if (type == ACL_TYPE_ACCESS) {
>
> Except for the extra parentheses this seems correct, thank you.

Agreed. Good catch.

Thanks,
Andy
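Review bot: the added NULL guard on the `+` line of the @@ -73,7 +73,7 @@ hunk is the right fix for the reported crash (on ACL deletion gfs2_set_acl is reached with acl == NULL, and the old `if (acl->a_count > ...)` dereferences it before anything else can return), but the extra parentheses are redundant and not kernel style; write it as `if (acl && acl->a_count > GFS2_ACL_MAX_ENTRIES(GFS2_SB(inode)))`. The patch also arrives with only a diffstat: it needs a commit message stating that a NULL acl means removal and must skip the entry-count check, a Fixes: tag naming e01580bf9e (the commit identified above as having dropped the original NULL check) rather than 2646a1f6, and a Signed-off-by line before it can be applied.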