From: "Venkateswararao Jujjuri (JV)"
Subject: Re: [PATCH] [fs/9p] Fix NULL point deref in v9fs_dir_release
Date: Tue, 17 Aug 2010 11:37:43 -0700
Message-ID: <4C6AD6F7.7060507@linux.vnet.ibm.com>
References: <1282065541-3775-1-git-send-email-jvrao@linux.vnet.ibm.com> <20100817171331.GA26467@infradead.org>
In-Reply-To: <20100817171331.GA26467@infradead.org>
To: Christoph Hellwig
Cc: v9fs-developer@lists.sourceforge.net, linux-fsdevel@vger.kernel.org

Christoph Hellwig wrote:
> On Tue, Aug 17, 2010 at 10:19:01AM -0700, Venkateswararao Jujjuri (JV) wrote:
>> There are situations in VFS where we end up calling v9fs_dir_release() before
>> we even instantiate the filp. Hence the check.
>
> Err, what callchain would that be? This really should not happen.

Call Trace:
 [] v9fs_dir_release+0x29/0x2f
 [] fput+0x13a/0x1ec
 [] ? v9fs_open_created+0x0/0xd
 [] __dentry_open+0x1d3/0x29e
 [] lookup_instantiate_filp+0x6b/0x8c
 [] v9fs_vfs_create_dotl+0x1a7/0x20d
 [] vfs_create+0x70/0x92
 [] do_last+0x2e0/0x605
 [] do_filp_open+0x1f8/0x5f8
 [] ? mem_cgroup_charge_common+0x6a/0x7a
 [] ? might_fault+0x21/0x23
 [] ? __strncpy_from_user+0x1e/0x49
 [] ? alloc_fd+0x7b/0x124
 [] do_sys_open+0x63/0x10f
 [] sys_open+0x20/0x22
 [] system_call_fastpath+0x16/0x1b
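The trace above shows the path `__dentry_open -> fput -> v9fs_dir_release`: when the filesystem's `->open()` fails, the VFS drops the half-constructed file with `fput()`, and that reaches `->release()` before `filp->private_data` was ever set. The following user-space model is an added example, not code from this thread, the patch, or the kernel; every struct and function name in it is a simplified stand-in (an assumption) for the kernel objects it imitates. It shows a release handler that tolerates a file whose open never completed, which is the check the reply refers to.

```c
/* Added example (not kernel code): user-space model of the error path in
 * the trace. All names below are simplified stand-ins for kernel objects. */
#include <errno.h>
#include <stdlib.h>

struct p9_fid { int fid_num; };

struct file {
    void *private_data;           /* 9p keeps its struct p9_fid here */
};

static int release_calls;         /* how often ->release() ran */
static int release_with_null;     /* ... with private_data still NULL */
static int fids_clunked;          /* fids actually freed */

static void p9_client_clunk(struct p9_fid *fid)
{
    fids_clunked++;
    free(fid);
}

/* Model of the 9p directory ->open(): either attaches a fid, or fails
 * before it gets that far and leaves private_data untouched (NULL). */
static int v9fs_dir_open_model(struct file *filp, int fail)
{
    struct p9_fid *fid;

    if (fail)
        return -ENOMEM;           /* constructed failure; no fid attached */
    fid = malloc(sizeof(*fid));
    if (!fid)
        return -ENOMEM;
    fid->fid_num = 42;            /* constructed sample value */
    filp->private_data = fid;
    return 0;
}

/* Model of a NULL-tolerant ->release(): a file whose ->open() never ran
 * to completion has no fid, so there is nothing to clunk. */
static int v9fs_dir_release_model(struct file *filp)
{
    struct p9_fid *fid = filp->private_data;

    release_calls++;
    if (!fid) {
        release_with_null++;
        return 0;
    }
    p9_client_clunk(fid);
    filp->private_data = NULL;
    return 0;
}

/* Model of fput(): last reference dropped, so ->release() runs and the
 * struct file is freed, regardless of how far ->open() got. */
static void fput_model(struct file *filp)
{
    v9fs_dir_release_model(filp);
    free(filp);
}

/* Model of __dentry_open(): on ->open() failure the VFS drops the file
 * with fput(), which is the fput -> v9fs_dir_release pair in the trace.
 * Returns 0 and hands back the open file, or a negative errno. */
static int dentry_open_model(struct file **out, int fail_open)
{
    struct file *filp = calloc(1, sizeof(*filp));   /* private_data NULL */
    int err;

    if (!filp)
        return -ENOMEM;
    err = v9fs_dir_open_model(filp, fail_open);
    if (err) {
        fput_model(filp);         /* release runs with private_data NULL */
        *out = NULL;
        return err;
    }
    *out = filp;
    return 0;
}

/* Drives both paths. Returns 0 if the failed open reached ->release()
 * with a NULL fid without harm, and the normal open/close pair freed its
 * fid exactly once; a non-zero code identifies which check failed. */
static int run_scenarios(void)
{
    struct file *f = NULL;

    release_calls = release_with_null = fids_clunked = 0;

    if (dentry_open_model(&f, 1) != -ENOMEM || f != NULL)
        return 1;
    if (release_calls != 1 || release_with_null != 1 || fids_clunked != 0)
        return 2;

    if (dentry_open_model(&f, 0) != 0 || f == NULL)
        return 3;
    fput_model(f);                /* normal close path */
    if (release_calls != 2 || release_with_null != 1 || fids_clunked != 1)
        return 4;
    return 0;
}

int main(void)
{
    return run_scenarios();
}
```

The model keeps the VFS contract visible: `fput()` does not know whether `->open()` succeeded, so any state that `->open()` attaches lazily must be checked for absence in `->release()` rather than assumed.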