Re: 2.6.23-mm1: BUG in reiserfs_delete_xattrs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Le 15.10.2007 20:31, Jeff Mahoney a écrit :
> Christoph Hellwig wrote:
>> On Mon, Oct 15, 2007 at 12:34:58AM +0200, Laurent Riffard wrote:
>>> reiserfs_delete_xattrs
>>> reiserfs_delete_inode
>>> generic_delete_inode
>>> generic_drop_inode
>>> iput
>>> do_unlinkat
>>> sys_unlink
>>> sys_enter_past_esp
>>>
>>> I reported a similar BUG in 2.6.22-rc8-mm2 (see
>>> http://lkml.org/lkml/2007/9/27/235). Dave Hansen sent a patch for it, I
>>> tested it and it was OK for 2.6.22-rc8-mm2.
>>>
>>> I tried this patch on 2.6.23-mm1, and it fixed the BUGs here too.
>> The delete path is a similar case as the one Dave fixed, also cause by
>> a NULL vfsmount passed to dentry_open, but through a different code-path.
>>
>> Untested fix for this problem below:
> 
> Here's a patch I worked up the other night that kills off struct file
> completely from the xattr code. I've tested it locally.

Sorry Jeff, your patch does not apply on 2.6.23-mm1. The 'struct file'
removal from reiserfs_xattr_ function is already in -mm
(make-reiserfs-stop-using-struct-file-for-internal.patch).

The Dave's patch I was refering to is this one: 

==== BEGIN =====
The bug is caused by reiserfs creating a special 'struct file' with a
NULL vfsmount.  

/* Opens a file pointer to the attribute associated with inode */
static struct file *open_xa_file(const struct inode *inode, const char
*name,
                                 int flags)
{
...
        fp = dentry_open(xafile, NULL, O_RDWR);
        /* dentry_open dputs the dentry if it fails */


As Christoph just said, this is somewhat of a bandaid.  But, it
shouldn't hurt anything.

---

 lxc-dave/fs/file_table.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -puN fs/open.c~fix-reiserfs-oops fs/open.c
diff -puN fs/file_table.c~fix-reiserfs-oops fs/file_table.c
--- lxc/fs/file_table.c~fix-reiserfs-oops	2007-09-27 13:32:20.000000000 -0700
+++ lxc-dave/fs/file_table.c	2007-09-27 13:33:11.000000000 -0700
@@ -236,7 +236,7 @@ void fastcall __fput(struct file *file)
 	fops_put(file->f_op);
 	if (file->f_mode & FMODE_WRITE) {
 		put_write_access(inode);
-		if (!special_file(inode->i_mode))
+		if (!special_file(inode->i_mode) && mnt)
 			mnt_drop_write(mnt);
 	}
 	put_pid(file->f_owner.pid);
diff -puN include/linux/mount.h~fix-reiserfs-oops include/linux/mount.h
==== END ====

Dave sent it privately to me... I guess this "bandaid" is no longer
needed now, is it?

~~
laurent

-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux