On Tue, 10 Jul 2007 15:59:00 -0400 Lee Schermerhorn wrote:

> [PATCH] 2.6.22-rc6-mm1 - hugetlbfs handle empty options string
>
> I was seeing a null pointer deref in fs/super.c:vfs_kern_mount().
> Some file system get_sb() handler was returning NULL mnt_sb with
> a non-negative return value.  I also noticed a "hugetlbfs: Bad
> mount option:" message in the log.
>
> Turns out that hugetlbfs_parse_options() was not checking for an
> empty option string after call to strsep().  On failure,
> hugetlbfs_parse_options() returns 1.  hugetlbfs_fill_super() just
> passed this return code back up the call stack where
> vfs_kern_mount() missed the error and proceeded with a NULL mnt_sb.
>
> Apparently introduced by patch:
>       hugetlbfs-use-lib-parser-fix-docs.patch
>
> The problem was exposed by this line in my fstab:
>
> none     /huge       hugetlbfs   defaults    0 0
>
> It can also be demonstrated by invoking mount of hugetlbfs
> directly with no options or a bogus option.
>
> This patch:
>
> 1) adds the check for empty option to hugetlbfs_parse_options(),
> 2) enhances the error message to bracket any unrecognized
>    option with quotes,
> 3) modifies hugetlbfs_parse_options() to return -EINVAL on any
>    unrecognized option,
> 4) adds a BUG_ON() to vfs_kern_mount() to catch any get_sb()
>    handler that returns a NULL mnt->mnt_sb with a return value >= 0.
>
> Signed-off-by: Lee Schermerhorn <[EMAIL PROTECTED]>
>
>  fs/hugetlbfs/inode.c |    8 +++++---
>  fs/super.c           |    1 +
>  2 files changed, 6 insertions(+), 3 deletions(-)

Argh.  Thanks.

Acked-by: Randy Dunlap <[EMAIL PROTECTED]>

---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***
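
A user-space model of the failure described in the quoted patch message, added here as an illustration; it is not the kernel code or the patch from this thread. The names `known_option()`, `parse_options_before()`, `parse_options_after()` and `caller_sees_error()` are hypothetical, and the option table is a simplified stand-in for the kernel's parser.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* BSD/glibc function; declared here in case strict ISO C mode hides it. */
char *strsep(char **stringp, const char *delim);

/* Simplified stand-in for the kernel's option table (an assumption). */
static int known_option(const char *tok)
{
    static const char *const opts[] = { "uid=", "gid=", "mode=", "size=", "nr_inodes=" };
    for (size_t i = 0; i < sizeof(opts) / sizeof(opts[0]); i++)
        if (strncmp(tok, opts[i], strlen(opts[i])) == 0)
            return 1;
    return 0;
}

/* Before: no empty-token check, and failure is reported as 1. */
int parse_options_before(char *options)
{
    char *p;
    while ((p = strsep(&options, ",")) != NULL)
        if (!known_option(p))
            return 1;   /* strsep() on "" yields one empty token, so "" fails here */
    return 0;
}

/* After (items 1 and 3 of the message): skip empty tokens, return -EINVAL. */
int parse_options_after(char *options)
{
    char *p;
    while ((p = strsep(&options, ",")) != NULL) {
        if (!*p)
            continue;
        if (!known_option(p)) {
            fprintf(stderr, "Bad mount option: \"%s\"\n", p);
            return -EINVAL;
        }
    }
    return 0;
}

/* Caller convention from the message: only a negative value is an error. */
int caller_sees_error(int ret) { return ret < 0; }

int main(void)
{
    char a[] = "", b[] = "", c[] = "bogus";   /* constructed inputs; strsep() writes to them */
    int r1 = parse_options_before(a), r2 = parse_options_after(b), r3 = parse_options_after(c);
    printf("before \"\": %d (error seen: %d)\n", r1, caller_sees_error(r1));
    printf("after  \"\": %d (error seen: %d)\n", r2, caller_sees_error(r2));
    printf("after  \"bogus\": %d (error seen: %d)\n", r3, caller_sees_error(r3));
    return 0;
}
```

The first line of output shows the combination the message reports: the parser fails, yet a caller that only tests for a negative value does not see an error.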