From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Teigland
Date: Wed, 28 May 2008 09:26:38 -0500
Subject: [Cluster-devel] [PATCH] checking NULL pointer in device_write of dlm-control
In-Reply-To: <20080528.144510.108902725.yamato@redhat.com>
References: <20080528.144510.108902725.yamato@redhat.com>
Message-ID: <20080528142638.GA20154@redhat.com>
List-Id:
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On Wed, May 28, 2008 at 02:45:10PM +0900, Masatake YAMATO wrote:
> Hi,
>
> I found a way to let linux dereference NULL pointer
> in gfs2-2.6-nmw/fs/dlm/user.c.
>
> If `device_write' method is called via "dlm-control",
> file->private_data is NULL. (See ctl_device_open() in
> user.c. ) Through proc->flags is read:
>
> if ((kbuf->cmd == DLM_USER_LOCK || kbuf->cmd == DLM_USER_UNLOCK) &&
> test_bit(DLM_PROC_FLAGS_CLOSING, &proc->flags))
> return -EINVAL;

Thanks for the patch, I'll push it out shortly.
Dave
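As an added illustration of the guard the thread describes (a constructed user-space model, not the kernel's fs/dlm/user.c and not the submitted patch; the command values, flag bit and struct layouts are placeholders): the closing-flag test must only be reached once `proc` is known to be non-NULL, because the "dlm-control" device is opened with `file->private_data == NULL`.

```c
#include <stddef.h>
#include <errno.h>

/* Constructed stand-ins for the kernel definitions; values are placeholders. */
#define DLM_USER_LOCK          1
#define DLM_USER_UNLOCK        2
#define DLM_USER_OTHER         3   /* any command that is not lock/unlock */
#define DLM_PROC_FLAGS_CLOSING 0

struct dlm_user_proc { unsigned long flags; };
struct file { struct dlm_user_proc *private_data; };
struct dlm_write_request { int cmd; };

/* User-space model of the kernel's test_bit(): read one bit of a flag word. */
static int test_bit(int nr, const unsigned long *addr)
{
    return (int)((*addr >> nr) & 1UL);
}

/* Models the validation step of device_write(). Returns 0 when the request
 * may proceed and -EINVAL when it must be rejected. A "dlm-control" file has
 * private_data == NULL, so proc is checked before its flags are touched. */
int device_write_check(const struct file *file, const struct dlm_write_request *kbuf)
{
    struct dlm_user_proc *proc = file->private_data;
    int is_lock_cmd = (kbuf->cmd == DLM_USER_LOCK || kbuf->cmd == DLM_USER_UNLOCK);

    /* Hardened ordering: lock/unlock make no sense on the control device,
     * and proc would be NULL here, so refuse before dereferencing it. */
    if (is_lock_cmd && proc == NULL)
        return -EINVAL;

    /* The original check, now only evaluated with a valid proc. */
    if (is_lock_cmd && test_bit(DLM_PROC_FLAGS_CLOSING, &proc->flags))
        return -EINVAL;

    return 0;
}
```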