Re: [Unionfs] Unionfs BUG: null pointer dereference union fs_setattr

Wed, 23 Dec 2009 06:39:16 -0800 

Thomas Schauß <scha...@...> writes:

> 
> Hello,
> 
> we have exactly the same issue with unionfs and firefox. We did apply the
> patch posted above. The kernel oops occurs every time firefox is launched.
> Syslog shows the following:
> 
> I tried to track down the problem and came to a similar conclusion as in the
> previous post:
> 
> lower_inode = unionfs_lower_inode(inode); ==> lower_inode == NULL
> 
> I tried to solve the problem by adding the following directly after the
> previous call:
> 
> if (!lower_inode) {
>       pr_info("unionfs: lower_inode NULL
> (name=%s)\n",dentry->d_name.name);
>       err = -EINVAL;
>       goto out;
> }
>
> This evaluation became true occasionally but the oops still occurred (still
> NULL pointer dereference in unionfs_setattr). 

I had come to something similar but this was not enough. The second oops I got
was on the call of fput.

Here is the patch that avoid all oopses here on openoffice.org-voikko removal
(the binary called there indeed does several open/unlink/truncate for temporary
scripts)

Signed-off-by: Pascal Terjan <pter...@mandriva.com>
---
 fs/unionfs/copyup.c |    2 +-
 fs/unionfs/inode.c  |    7 +++++++
 2 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/fs/unionfs/copyup.c b/fs/unionfs/copyup.c
index c43cc7f..9d7468f 100644
--- a/fs/unionfs/copyup.c
+++ b/fs/unionfs/copyup.c
@@ -498,7 +498,7 @@ out_unlink:
         */
        vfs_unlink(new_lower_parent_dentry->d_inode, new_lower_dentry);
 
-       if (copyup_file) {
+       if (copyup_file && *copyup_file) {
                /* need to close the file */
 
                fput(*copyup_file);
diff --git a/fs/unionfs/inode.c b/fs/unionfs/inode.c
index bd5a3b3..6b2f16f 100644
--- a/fs/unionfs/inode.c
+++ b/fs/unionfs/inode.c
@@ -918,11 +918,18 @@ static int unionfs_setattr(struct dentry *dentry, struct
iattr *ia)
 
        lower_dentry = unionfs_lower_dentry(dentry);
        if (!lower_dentry) { /* should never happen after above revalidate */
+               printk(KERN_ERR "unionfs: lower dentry NULL\n");
                err = -EINVAL;
                goto out;
        }
        lower_inode = unionfs_lower_inode(inode);
 
+       /* give up if no lower_inode */
+       if(!lower_inode) {
+               printk(KERN_ERR "unionfs: lower inode NULL\n");
+               err = -EINVAL;
+               goto out;
+       }
        /* check if user has permission to change lower inode */
        err = inode_change_ok(lower_inode, ia);
        if (err)
-- 
1.6.2.5

_______________________________________________
unionfs mailing list: http://unionfs.filesystems.org/
unionfs@mail.fsl.cs.sunysb.edu
http://www.fsl.cs.sunysb.edu/mailman/listinfo/unionfs

Reply via email to