Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 19 Jul 2002 04:18:25 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 19 Jul 2002 04:18:25 -0400 Received: from samba.sourceforge.net ([198.186.203.85]:19422 "HELO lists.samba.org") by vger.kernel.org with SMTP id ; Fri, 19 Jul 2002 04:18:24 -0400 From: Rusty Russell To: Jeff Dike Cc: linux-kernel@vger.kernel.org Subject: Re: [PATCH] check shm mount succeeded in shmem_file_setup In-reply-to: Your message of "Thu, 18 Jul 2002 22:54:27 EST." <200207190354.WAA05241@ccure.karaya.com> Date: Fri, 19 Jul 2002 17:53:06 +1000 Message-Id: <20020719080027.EEA964479@lists.samba.org> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1284 Lines: 32 In message <200207190354.WAA05241@ccure.karaya.com> you write: > The kern_mount(&tmpfs_fs_type) in init_shmem_fs can fail, leaving shm_mnt > NULL. A subsequent shmget will enter shmem_file_setup, which will blindly > dereference shm_mnt. EIO was my best guess as to the appropriate errno. I think the bug is checking the return value at all. This code cannot be a module (at least without significant furthur work), despite the fact that someone nicely wrote an exitfunction for it. And if the initialization fails at boot, we're screwed anyway. > --- orig/mm/shmem.c Mon Feb 25 12:50:45 2002 > +++ um/mm/shmem.c Thu Jul 18 22:16:11 2002 > @@ -1455,6 +1455,9 @@ > if (!vm_enough_memory((size) >> PAGE_CACHE_SHIFT)) > return ERR_PTR(-ENOMEM); > > + if(shm_mnt == NULL) > + return ERR_PTR(-EIO); > + > this.name = name; > this.len = strlen(name); > this.hash = 0; /* will go */ Rusty. -- Anyone who quotes me in their sig is an idiot. -- Rusty Russell. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/