Dereferencing uninitialized "usb3" pointer in ufs_fill_super() is not
going to work. gcc even warns about this.
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000014e
printing eip: f9a3b1a2 *pde = 00000000
Oops: 0000 [#1] PREEMPT
last sysfs file: /block/loop7/removable
Modules linked in: ufs loop usbhid ehci_hcd snd_intel8x0 snd_ac97_codec uhci_hcd rtc ac97_bus usbcore thermal button processor sr_mod evdev cdrom
Pid: 1066, comm: mount Not tainted (2.6.23-rc8-mm1 #1)
EIP: 0060:[<f9a3b1a2>] EFLAGS: 00010286 CPU: 0
EIP is at ufs_fill_super+0x52f/0x12e5 [ufs]
EAX: 00000002 EBX: c39c4960 ECX: c0176465 EDX: 00000000
ESI: c38c5000 EDI: c387f800 EBP: 00000600 ESP: c3816d3c
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process mount (pid: 1066, ti=c3816000 task=c38f34d0 task.ti=c3816000)
last branch before last exception/interrupt
from c0130fc0 (lockdep_on+0xb/0xc)
to c0118d82 (vprintk+0x29f/0x2fb)
Stack: 00000010 00000000 00000600 00000000 c3816db4 0038c0d8 00000000 c3816dd4
ffffffff 00000002 00000200 00000600 00002130 00002000 c39c4960 c01b1355
c3816d94 c3816d94 c0187966 c3816db4 00000020 c0347b9b c280680c 00000400
Call Trace:
[<c01b1355>] snprintf+0x1f/0x22
[<c0187966>] disk_name+0x79/0x83
[<c015c49b>] get_sb_bdev+0xdc/0x11a
[<c016ca6d>] alloc_vfsmnt+0x8d/0xb3
[<f9a39e3c>] ufs_get_sb+0x20/0x25 [ufs]
[<f9a3ac73>] ufs_fill_super+0x0/0x12e5 [ufs]
[<c015c09c>] vfs_kern_mount+0x40/0x79
[<c016d601>] do_mount+0x6c0/0x7e3
[<c02c82a3>] _spin_unlock+0x25/0x3b
[<c01318dc>] mark_held_locks+0x39/0x53
[<c013fd1d>] find_lock_page+0xf/0x84
[<c014456f>] get_page_from_freelist+0x21e/0x3f0
[<c0131ab0>] trace_hardirqs_on+0x118/0x13b
[<c0144599>] get_page_from_freelist+0x248/0x3f0
[<c01582f1>] kmem_cache_alloc+0x68/0x9b
[<c016be18>] copy_mount_options+0x26/0x109
[<c016d79b>] sys_mount+0x77/0xb3
[<c0103db2>] sysenter_past_esp+0x5f/0x99
=======================
INFO: lockdep is turned off.
Code: d2 f7 74 24 28 03 87 50 01 00 00 89 04 24 c7 44 24 04 00 00 00 00 89 f2 89 f8 e8 e6 2b 00 00 85 c0 0f 84 1e 0d 00 00 8b 44 24 24 <8b> 90 4c 01 00 00 8b 86 58 02 00 00 83 78 08 00 74 02 0f ca 89
EIP: [<f9a3b1a2>] ufs_fill_super+0x52f/0x12e5 [ufs] SS:ESP 0068:c3816d3c
Signed-off-by: Alexey Dobriyan <[email protected]>
---
fs/ufs/super.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
--- a/fs/ufs/super.c
+++ b/fs/ufs/super.c
@@ -837,6 +837,10 @@ again:
if (!ubh)
goto failed;
+ usb1 = ubh_get_usb_first(uspi);
+ usb2 = ubh_get_usb_second(uspi);
+ usb3 = ubh_get_usb_third(uspi);
+
/* Sort out mod used on SunOS 4.1.3 for fs_state */
uspi->s_postblformat = fs32_to_cpu(sb, usb3->fs_postblformat);
if (((flags & UFS_ST_MASK) == UFS_ST_SUNOS) &&
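Review bot: the moved initialisation now sits after the `if (!ubh) goto failed;` check and before the first read of `usb3->fs_postblformat`, which is the dereference the oops above points at, so the ordering is correct; since all three assignments are under the `again:` label named in the hunk header, they will also be redone on a retry, which is what is wanted because they derive from `uspi`. It would help future readers if the commit message named that `fs_postblformat` read as the offending dereference rather than only citing the gcc warning.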
@@ -845,11 +849,6 @@ again:
flags |= UFS_ST_SUN;
}
-
- usb1 = ubh_get_usb_first(uspi);
- usb2 = ubh_get_usb_second(uspi);
- usb3 = ubh_get_usb_third(uspi);
-
/*
* Check ufs magic number
*/
-
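Review bot: removing the later, now duplicated, assignments is the right counterpart to the first hunk, but the hunk also drops both surrounding blank lines, leaving the closing `}` of the SunOS flag block immediately followed by the `/* Check ufs magic number */` comment. Consider keeping one blank line there so the two logical sections stay visually separated as they were before.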
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/