Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 31 Dec 2002 11:09:42 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 31 Dec 2002 11:09:42 -0500 Received: from cs.huji.ac.il ([132.65.16.30]:53767 "EHLO cs.huji.ac.il") by vger.kernel.org with ESMTP id ; Tue, 31 Dec 2002 11:09:39 -0500 Date: Tue, 31 Dec 2002 18:18:01 +0200 (IST) From: Amar Lior To: linux-kernel@vger.kernel.org cc: Amar Lior Subject: PROBLEM Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1304 Lines: 43 Hi all, I found a bug that cause the kernel to lockup. The problem is in mm/shmem.c do_shmem_file_read() (the tmpfs) at line 959 there is a call to file_read_actor(desc, page, offset, nr); The problem is that inside the function file_read_actor() desc->error is set to -EFAULT (this happens when the buffer supplied by the user for the read is wrong) but there is no check right after the return from file_read_actor() to test this situation. The result is that the desc->count field always stay the same and the while loop in do_shmem_file_read never end and the kernel locksup. The fix is very simple just add the following line after the call to file_read_actor(): ------------------- if(desc->error) break ------------------- If you need any other info please mail me Regards --lior ________________________________________________________________ Lior Amar Distributed Computing Lab MOSIX E-mail : lior@cs.huji.ac.il ________________________________________________________________ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/