NULL pointer dereference in print_daily_error_info

NULL pointer dereference in print_daily_error_info

[Sergey Senozhatsky]

Hello,
      
This patch fixes NULL pointer dereference in print_daily_error_info, when   
called
on unmounted fs (EXT4_SB(sb) returns NULL). Deleting error reporting timer  
in
ext4_put_super fixes oops.

IRQ:
run_timer_softirq
?run_timer_softirq
print_daily_error_info
?__do_softirq
__do_softirq
call_softirq
do_softirq
irq_exit
smp_apic_timer_interrupt
apic_timer_interrupt
EOI
intel_idle
intel_idle
...


By the way, isn't print_daily_error_info racy? Is it safe to call           
print_daily_error_info
(by timer event (softirq)) when we'are remounting fs, etc.?

Please kindly review.

---

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 2614774..751997d 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -719,6 +719,7 @@ static void ext4_put_super(struct super_block *sb)
 			ext4_abort(sb, "Couldn't clean up the journal");
 	}
 
+	del_timer(&sbi->s_err_report);
 	ext4_release_system_zone(sb);
 	ext4_mb_release(sb);
 	ext4_ext_release(sb);

Re: NULL pointer dereference in print_daily_error_info

[Ted Ts'o]

On Tue, Sep 14, 2010 at 03:51:02PM +0300, Sergey Senozhatsky wrote:
> Hello,
>       
> This patch fixes NULL pointer dereference in print_daily_error_info, when   
> called
> on unmounted fs (EXT4_SB(sb) returns NULL). Deleting error reporting timer  
> in
> ext4_put_super fixes oops.

Good catch!  Thanks for the patch.  I will include this into ext4
tree, and I will probably push it separately to Linus so that it gets
into 2.6.36, since this is a regresssion.

You didn't add a Signed-off-by: line, which is needed for Developer's
Certification of Origin (see section 1, subsection 16 of
Documentation/SubmittingPatches in the Linux source tree).  Can you
send confirmation that it's OK for me to add a Signed-off-by line for
you?  Thanks!!

> By the way, isn't print_daily_error_info racy? Is it safe to call           
> print_daily_error_info
> (by timer event (softirq)) when we'are remounting fs, etc.?

It should be fine.  Remounting doesn't actually change out the struct
superblock.  There is a chance that the information might not be fully
complete if an error is printed exactly as the same time as
print_daily_error_info() is run, but I'm not sure it's worth trying to
protect against that race, since the worst that this will mean is a
confusing report in the /var/log/messages file, and the ext4 error
message will be printed right next to it, which will have all of the
information the system administrator will need.

						- Ted
						

[PATCH] ext4: fix NULL pointer dereference in print_daily_error_info

[Sergey Senozhatsky]

Fix NULL pointer dereference in print_daily_error_info, when   
called on unmounted fs (EXT4_SB(sb) returns NULL), by removing error 
reporting timer in ext4_put_super.

Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>

---

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 2614774..751997d 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -719,6 +719,7 @@ static void ext4_put_super(struct super_block *sb)
 			ext4_abort(sb, "Couldn't clean up the journal");
 	}
 
+	del_timer(&sbi->s_err_report);
 	ext4_release_system_zone(sb);
 	ext4_mb_release(sb);
 	ext4_ext_release(sb);

Re: [PATCH] ext4: fix NULL pointer dereference in print_daily_error_info

[Ted Ts'o]

On Wed, Sep 15, 2010 at 09:35:18AM +0300, Sergey Senozhatsky wrote:
> Fix NULL pointer dereference in print_daily_error_info, when   
> called on unmounted fs (EXT4_SB(sb) returns NULL), by removing error 
> reporting timer in ext4_put_super.
> 
> Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>

Thanks, added to the ext4 patch tree

						- Ted