Re: Linux 2.4.33-rc1

On Sun, 18 Jun 2006 10:37:18 -0300, Marcelo Tosatti <[email protected]> wrote:

>Can you please try the attached patch.
>
>Grab a reference to the victim inode before calling vfs_unlink() to avoid
>it vanishing under us.
>
>diff --git a/fs/namei.c b/fs/namei.c
>index 42cce98..7993283 100644
>--- a/fs/namei.c
>+++ b/fs/namei.c
>@@ -1509,6 +1509,7 @@ asmlinkage long sys_unlink(const char * 
> 	char * name;
> 	struct dentry *dentry;
> 	struct nameidata nd;
>+	struct inode *inode = NULL;
> 
> 	name = getname(pathname);
> 	if(IS_ERR(name))
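
Review bot: The new local in sys_unlink() is named just `inode`, while the same function already reaches the parent directory's inode through nd.dentry->d_inode, so it is easy to misread which inode is being held. The commit message calls it the victim; naming the variable `victim` or adding a one-line comment at the declaration would make that clear. The `= NULL` initializer also matters and deserves a mention in that comment, since the `goto slashes` path visible in the next hunk is taken before the assignment.
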
>@@ -1527,11 +1528,16 @@ asmlinkage long sys_unlink(const char * 
> 		/* Why not before? Because we want correct error value */
> 		if (nd.last.name[nd.last.len])
> 			goto slashes;
>+		inode = dentry->d_inode;
>+		if (inode)
>+			atomic_inc(&inode->i_count);
> 		error = vfs_unlink(nd.dentry->d_inode, dentry);
> 	exit2:
> 		dput(dentry);
> 	}
> 	up(&nd.dentry->d_inode->i_sem);
>+	if (inode)
>+		iput(inode);
> exit1:
> 	path_release(&nd);
> exit:
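
Review bot: Taking the reference with atomic_inc(&inode->i_count) before vfs_unlink() keeps the inode's memory alive, but vfs_unlink() is still passed only `dentry`, so if dentry->d_inode is cleared during the call, any code inside it that re-reads dentry->d_inode will see NULL regardless of the refcount. The oops reported below the patch is consistent with that: the fault is at vfs_unlink+a4 on `incl 0x88(%eax)` with eax 00000000, a write through a NULL pointer rather than into a freed object. Consider having whatever needs the victim after the filesystem's unlink use a pointer saved before the call instead of dentry->d_inode. A one-line comment at the iput() saying why it sits after the up() of the parent's i_sem would also help the next reader.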

/home/share is an NFS mounted directory, via ssh terminal:

grant@sempro:~$ dmesg >/home/share/dmesg-2.4.33-rc1a
grant@sempro:~$ rm /home/share/dmesg-2.4.33-rc1a
Segmentation fault

Network connection lost, copy / paste oops from screen to file, reboot, 
and...

ksymoops 2.4.11 on i686 2.4.33-rc1a.  Options used
     -v /home/grant/linux/linux-2.4.33-rc1a/vmlinux (specified)
     -k /proc/ksyms (default)
     -l /proc/modules (default)
     -o /lib/modules/2.4.33-rc1a/ (default)
     -m /boot/System.map-2.4.33-rc1a (specified)

Unable to handle kernel NULL pointer dereference at virtual address 00000088
*pde = 00000000
Oops: 0002
CPU:    0
EIP:    0010:[<c013eeb4>]    Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010282
eax: 00000000   ebx: 00000000   ecx: 00000088   edx: 00000088
esi: f6e2ed08   edi: f5954e40   ebp: f6e2ec80   esp: f587ff68
ds: 0018   es: 0018   ss: 0018
Process rm (pid: 241, stackpage=f587f000)
Stack: f6e2ec80 f5954e40 f5954e40 f75a7000 f58ca0c0 f587ff90 c013f078 f6e2ec80
       f5954e40 f5954e40 f6eb8440 c19ac440 f75a700c 00000011 c1bbcfcb 00000010
       00000000 00000004 f587e000 bffff986 08051050 bffff768 c0106eff bffff986
Call Trace:    [<c013f078>] [<c0106eff>]
Code: ff 80 88 00 00 00 0f 8e 58 16 00 00 85 db 74 16 89 d8 8b 5c


>>EIP; c013eeb4 <vfs_unlink+a4/1a0>   <=====

>>esi; f6e2ed08 <_end+36a9305c/386be3d4>
>>edi; f5954e40 <_end+355b9194/386be3d4>
>>ebp; f6e2ec80 <_end+36a92fd4/386be3d4>
>>esp; f587ff68 <_end+354e42bc/386be3d4>

Trace; c013f078 <sys_unlink+c8/140>
Trace; c0106eff <system_call+33/38>

Code;  c013eeb4 <vfs_unlink+a4/1a0>
00000000 <_EIP>:
Code;  c013eeb4 <vfs_unlink+a4/1a0>   <=====
   0:   ff 80 88 00 00 00         incl   0x88(%eax)   <=====
Code;  c013eeba <vfs_unlink+aa/1a0>
   6:   0f 8e 58 16 00 00         jle    1664 <_EIP+0x1664>
Code;  c013eec0 <vfs_unlink+b0/1a0>
   c:   85 db                     test   %ebx,%ebx
Code;  c013eec2 <vfs_unlink+b2/1a0>
   e:   74 16                     je     26 <_EIP+0x26>
Code;  c013eec4 <vfs_unlink+b4/1a0>
  10:   89 d8                     mov    %ebx,%eax
Code;  c013eec6 <vfs_unlink+b6/1a0>
  12:   8b 5c 00 00               mov    0x0(%eax,%eax,1),%ebx


Sorry for bad news.  As before, the 'rm file' succeeded, prior to the 
segfault.  I put the dmesg (before oops) and 'grep = .config' up on 
<http://bugsplatter.mine.nu/test/linux-2.4/sempro/> with -rc1a suffix.

Repeat with extract 2.4.32 + patches --> same. Note that the oops is 
only on deleting a file over NFS; I noticed 2.6.16.20 has extra NFS 
stuff around this area.

grant@sempro:~$ dmesg >dmesg
grant@sempro:~$ rm dmesg
grant@sempro:~$ dmesg >/home/share/dmesg-test
grant@sempro:~$ rm /home/share/dmesg-test
Segmentation fault

Grant.