- hfs_fill_super-returns-success-even-if-no-root-inode.patch removed from -mm tree

akpm@xxxxxxxx · Thu, 16 Nov 2006 15:12:28 -0800

The patch titled
     hfs_fill_super returns success even if no root inode
has been removed from the -mm tree.  Its filename was
     hfs_fill_super-returns-success-even-if-no-root-inode.patch

This patch was dropped because it was merged into mainline or a subsystem tree

------------------------------------------------------
Subject: hfs_fill_super returns success even if no root inode
From: Eric Sandeen <sandeen@xxxxxxxxxx>

http://kernelfun.blogspot.com/2006/11/mokb-14-11-2006-linux-26x-selinux.html

mount that image...
fs: filesystem was not cleanly unmounted, running fsck.hfs is recommended.  mounting read-only.
hfs: get root inode failed.
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000018
 printing eip
...
EIP is at superblock_doinit+0x21/0x767
...
 [] selinux_sb_kern_mount+0xc/0x4b
 [] vfs_kern_mount+0x99/0xf6
 [] do_kern_mount+0x2d/0x3e
 [] do_mount+0x5fa/0x66d
 [] sys_mount+0x77/0xae
 [] syscall_call+0x7/0xb
DWARF2 unwinder stuck at syscall_call+0x7/0xb

hfs_fill_super() returns success even if
  root_inode = hfs_iget(sb, &fd.search_key->cat, &rec);
or
  sb->s_root = d_alloc_root(root_inode);

fails.  This superblock finds its way to superblock_doinit() which does:

        struct dentry *root = sb->s_root;
        struct inode *inode = root->d_inode;

and boom.  Need to make sure the error cases return an error, I think.

[akpm@xxxxxxxx: return -ENOMEM on oom]
Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
Cc: Roman Zippel <zippel@xxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 fs/hfs/super.c |    2 ++
 1 file changed, 2 insertions(+)

diff -puN fs/hfs/super.c~hfs_fill_super-returns-success-even-if-no-root-inode fs/hfs/super.c

--- a/fs/hfs/super.c~hfs_fill_super-returns-success-even-if-no-root-inode
+++ a/fs/hfs/super.c
@@ -390,11 +390,13 @@ static int hfs_fill_super(struct super_b
 		hfs_find_exit(&fd);
 		goto bail_no_root;
 	}
+	res = -EINVAL;
 	root_inode = hfs_iget(sb, &fd.search_key->cat, &rec);
 	hfs_find_exit(&fd);
 	if (!root_inode)
 		goto bail_no_root;
 
+	res = -ENOMEM;
 	sb->s_root = d_alloc_root(root_inode);
 	if (!sb->s_root)
 		goto bail_iput;
_

Patches currently in -mm which might be from sandeen@xxxxxxxxxx are

origin.patch
handle-ext3-directory-corruption-better.patch
handle-ext4-directory-corruption-better.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




