From mboxrd@z Thu Jan 1 00:00:00 1970 From: Guo Chao Subject: [PATCH] Trig a BUG when kern_path see LOOKUP_ROOT in flag Date: Wed, 4 Jul 2012 10:00:05 +0800 Message-ID: <1341367205-29571-1-git-send-email-yan@linux.vnet.ibm.com> Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org To: viro@zeniv.linux.org.uk Return-path: Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org kern_path does not prepare for LOOKUP_ROOT, if this flag is passed down, path_init will reference uninitialized nameidata. When things go wrong, it will not be as obvious as dereferencing a null pointer. Kindly trig a bug here. Signed-off-by: Guo Chao --- fs/namei.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/namei.c b/fs/namei.c index 1b64746..2b8c226 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1888,6 +1888,9 @@ struct dentry *kern_path_locked(const char *name, struct path *path) int kern_path(const char *name, unsigned int flags, struct path *path) { struct nameidata nd; + + BUG_ON(flags & LOOKUP_ROOT); + int res = do_path_lookup(AT_FDCWD, name, flags, &nd); if (!res) *path = nd.path; -- 1.7.9.5
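Review bot: In kern_path(), the new `BUG_ON(flags & LOOKUP_ROOT);` sits between `struct nameidata nd;` and `int res = do_path_lookup(AT_FDCWD, name, flags, &nd);`, so the declaration of `res` now follows a statement. Kernel builds warn on declaration-after-statement. Declare `int res;` at the top next to `nd`, then do the flag check, then assign `res = do_path_lookup(...)`. Separately, the bad flag is caught here before the uninitialized nameidata is ever read, so the call can still fail cleanly. Something like `if (WARN_ON_ONCE(flags & LOOKUP_ROOT)) return -EINVAL;` would report the offending caller with a backtrace without taking the machine down the way BUG_ON does. A short comment above the check saying that kern_path() does not set up the root in `nd` would also help later readers, since the commit message is currently the only place the reason is recorded.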