Date: Mon, 28 Feb 2011 17:43:14 +0200
From: Sergey Senozhatsky
To: Andreas Bießmann
Cc: linux-kernel@vger.kernel.org, Alexander Viro, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] fs-writeback: fix NULL pointer dereference in __mark_inode_dirty
Message-ID: <20110228154314.GA4675@swordfish.minsk.epam.com>
In-Reply-To: <1298906733-31427-1-git-send-email-biessmann@corscience.de>

On (02/28/11 16:25), Andreas Bießmann wrote:
> This patch fixes a kernel NULL pointer dereference as mentioned in this log:
>
> ---8<---
> [ 43.044000] mmc0: card c556 removed
> [ 43.059000] mmcblk0: error -123 sending status comand
> [ 43.064000] mmcblk0: error -123 sending read/write command, response 0x0, card status 0x0
> [ 43.089000] mmcblk0: error -123 requesting status
> [ 43.096000] end_request: I/O error, dev mmcblk0, sector 1667989
>
> [ 43.830000] end_request: I/O error, dev mmcblk0, sector 1667988
> [ 44.679000] Unable to handle kernel NULL pointer dereference at virtual address 00000010
> [ 44.688000] ptbr = 93ec0000 pgd = 93ebf000
> [ 44.692000] Oops: Kernel access of bad area, sig: 11 [#1]
> [ 44.692000] FRAME_POINTER chip: 0x01f:0x1e82 rev 2
> [ 44.692000] Modules linked in:
> [ 44.692000] PC is at __mark_inode_dirty+0x8a/0x11c
> [ 44.692000] LR is at __mark_inode_dirty+0x7c/0x11c
>
> [ 44.692000] Call trace:
> [ 44.692000] [<900780a4>] file_update_time+0x96/0xaa
> [ 44.692000] [<9005439a>] __generic_file_aio_write+0x212/0x330
> [ 44.692000] [<900544f4>] generic_file_aio_write+0x3c/0x74
> [ 44.692000] [<9006b82c>] do_sync_readv_writev+0x68/0x90
> [ 44.692000] [<9006b8c0>] do_readv_writev+0x6c/0x108
> [ 44.692000] [<9006b98a>] vfs_writev+0x2e/0x34
> [ 44.692000] [<9006be60>] sys_writev+0x2c/0x4c
> [ 44.692000] [<90023132>] syscall_return+0x0/0x12
> [ 44.692000]
> --->8---
>
> The reference to sb->s_bdi may be deleted from mmc_blk_remove() ->
> del_gendisk() -> unlink_gendisk() -> bdi_unregister() -> bdi_prune_sb() while
> another instance tries to write some data to the device.
>
> Signed-off-by: Andreas Bießmann
> ---
> fs/fs-writeback.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
> index cdbf7ac..96b4b25 100644
> --- a/fs/fs-writeback.c
> +++ b/fs/fs-writeback.c
> @@ -1047,6 +1047,9 @@ void __mark_inode_dirty(struct inode *inode, int flags)
> if (!was_dirty) {
> bdi = inode_to_bdi(inode);
>
> + if (!bdi)
> + goto out;
> +
> if (bdi_cap_writeback_dirty(bdi)) {
> WARN(!test_bit(BDI_registered, &bdi->state),
> "bdi-%s not registered\n", bdi->name);

Hello,

I had something very similar to this some time ago
https://lkml.org/lkml/2010/12/9/436

However, I'm not sure that this check is sufficient.

Sergey
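
Review bot: the `if (!bdi) goto out;` test added right after `bdi = inode_to_bdi(inode);` samples the pointer only once, while the commit message says the reference is dropped concurrently from the mmc_blk_remove() -> ... -> bdi_prune_sb() path, so nothing visible in this hunk keeps bdi valid for the `bdi->state` and `bdi->name` accesses in the WARN() that follows. The check narrows the window without closing it. Please state in the commit message which lock or reference serialises this block against bdi_unregister(), or take one around it. The early `goto out` also skips the rest of the `if (!was_dirty)` block without a comment or warning; a short comment saying why a NULL bdi is expected at this point and what becomes of the inode being marked dirty would make the new branch reviewable.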