On Mon, Mar 28, 2011 at 8:26 AM, Amerigo Wang <amwang@xxxxxxxxxx> wrote: > From: WANG Cong <xiyou.wangcong@xxxxxxxxx> > > V2: move the check into m_stop() as suggested by Linus, > also, most ->show() implementations assume the second parameter 'v' > is not NULL, this fixes them too. > > Anca reported a bug: > > [15117.080119] BUG: unable to handle kernel paging request at fffffffffffffff3 > [15117.080152] IP: [<ffffffff811b4989>] vma_stop+0x19/0x40 > > Linus did the initial analysis, and found this was caused > by commit ec6fd8a4355c ("report errors in /proc/*/*map* > sanely"), which replaces NULL with various ERR_PTR() cases. > > This is true, that commit changed the return value of m_start(), > which will return an error pointer on failure, but Al forgot > to check the error pointer in m_stop() which will be called > when m_start() fails. This patch fixes it. > > Reported-by: Anca Emanuel <anca.emanuel@xxxxxxxxx> > Tested-by: Anca Emanuel <anca.emanuel@xxxxxxxxx> > Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > Signed-off-by: WANG Cong <amwang@xxxxxxxxxx> > Signed-off-by: WANG Cong <xiyou.wangcong@xxxxxxxxx> > > --- > > diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c > index 7c708a4..8e59169 100644 > --- a/fs/proc/task_mmu.c > +++ b/fs/proc/task_mmu.c > @@ -124,8 +124,10 @@ static void *m_start(struct seq_file *m, loff_t *pos) > return ERR_PTR(-ESRCH); > > mm = mm_for_maps(priv->task); > - if (!mm || IS_ERR(mm)) > + if (IS_ERR_OR_NULL(mm)) { > + put_task_struct(priv->task); > return mm; > + } > down_read(&mm->mmap_sem); > > tail_vma = get_gate_vma(priv->task->mm); > @@ -182,6 +184,8 @@ static void m_stop(struct seq_file *m, void *v) > struct proc_maps_private *priv = m->private; > struct vm_area_struct *vma = v; > > + if (IS_ERR_OR_NULL(v)) > + return; Note: this is not functionally equivalent to the previous patch. > vma_stop(priv, vma); > if (priv->task) > put_task_struct(priv->task); 
> diff --git a/fs/seq_file.c b/fs/seq_file.c > index 05d6b0e..e17d5e6 100644 > --- a/fs/seq_file.c > +++ b/fs/seq_file.c > @@ -83,7 +83,7 @@ static int traverse(struct seq_file *m, loff_t offset) > p = m->op->start(m, &index); > while (p) { > error = PTR_ERR(p); > - if (IS_ERR(p)) > + if (IS_ERR_OR_NULL(p)) > break; > error = m->op->show(m, p); > if (error < 0) > --
I didn't test the above patch. Linus already has the fix in his tree.
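Review bot: in the m_start() hunk of fs/proc/task_mmu.c, the new failure branch calls put_task_struct(priv->task) but leaves priv->task pointing at the task it has just released. m_stop() in this same patch still ends with `if (priv->task) put_task_struct(priv->task);`, so the branch is only safe as long as m_stop() never reaches that line afterwards. Setting priv->task = NULL immediately after the put would make the failure path safe on its own, whatever m_stop() does with v.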
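Review bot: in the m_stop() hunk, the early `if (IS_ERR_OR_NULL(v)) return;` skips not only vma_stop() but also the `if (priv->task) put_task_struct(priv->task);` below it. Only the mm_for_maps() failure branch in the first hunk drops the reference itself, so any other path that hands m_stop() a NULL v while priv->task is still held would leak the task reference. I would guard just the vma_stop() call with the check, leave the put unconditional, and add a comment saying which side owns the task reference on each exit path.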
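Review bot: in the traverse() hunk of fs/seq_file.c, the changed test sits inside `while (p) {`, so p is never NULL at that point and IS_ERR_OR_NULL(p) behaves exactly like the IS_ERR(p) it replaces. The loop condition already keeps ->show() from being called with a NULL v here, so I would drop this hunk or say in the changelog which caller it is meant to protect.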
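The failure mode discussed in this thread, as an added userspace example that is not code from the patch or the kernel tree: it decodes the faulting address from the quoted oops as an error pointer and models why a stop callback that only tests for NULL goes on to dereference it. `model_start`, `model_stop` and `fault_to_errno` are hypothetical names; the macros copy the kernel's error-pointer helpers, a 64-bit `long` is assumed, and the NULL-only test in the unguarded path is an assumption about the pre-fix code.

```c
#include <stdio.h>
#include <errno.h>

/* Userspace copies of the kernel's error-pointer helpers (linux/err.h). */
#define MAX_ERRNO 4095
#define ERR_PTR(e)        ((void *)(long)(e))
#define PTR_ERR(p)        ((long)(p))
#define IS_ERR(p)         ((unsigned long)(p) >= (unsigned long)-MAX_ERRNO)
#define IS_ERR_OR_NULL(p) (!(p) || IS_ERR(p))

struct vma { int id; };               /* stand-in for vm_area_struct */
static struct vma sample_vma = { 1 }; /* constructed sample object */

/* Hypothetical ->start(): error pointer on failure, NULL at end, else an object. */
static void *model_start(int err, int at_end)
{
    if (err)
        return ERR_PTR(-err);
    return at_end ? NULL : &sample_vma;
}

/* Hypothetical ->stop(): returns 1 if it would dereference v, 0 if it skips it.
 * Assumption: the unguarded variant only tests for NULL before dereferencing. */
static int model_stop(void *v, int guarded)
{
    if (guarded && IS_ERR_OR_NULL(v))
        return 0;
    return v != NULL;
}

/* Returns the negative errno a faulting address encodes, or 0 if it is a normal address. */
static long fault_to_errno(unsigned long addr)
{
    return IS_ERR((void *)addr) ? PTR_ERR((void *)addr) : 0;
}

int main(void)
{
    unsigned long fault = 0xfffffffffffffff3UL; /* address from the quoted oops */
    void *v = model_start(EACCES, 0);           /* a failing start() */

    printf("fault %#lx decodes to %ld\n", fault, fault_to_errno(fault));
    printf("unguarded stop dereferences: %d\n", model_stop(v, 0));
    printf("guarded stop dereferences:   %d\n", model_stop(v, 1));
    return 0;
}
```

A faulting address in the top 4095 bytes of the address space is a quick triage signal that an ERR_PTR() value was dereferenced without an IS_ERR() check.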