[PATCH] 2.6.0-test4-mm2 drivers/char.c Oops on open()

From: Dave Olien
Date: Thu Aug 28 2003 - 18:19:28 EST

Next message: Chris Wright: "Re: non-exec stack"
Previous message: Mike Fedyk: "Re: non-exec stack"
Next in thread: Dave Olien: "Re: [PATCH] 2.6.0-test4-mm2 drivers/char.c ---> drivers/char/raw.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The raw.c character device Oopses dereferencing a NULL pointer in bd_claim()
This problem occurred after bd_claim() in block_dev.c was modified to "claim
the whole device when a partition is claimed".

raw_open() made the mistake of calling bd_claim BEFORE calling
blkdev_get(). At that time, the bdev->bd_contains field. has't been
initialized yet. Switching the order allows blkdev_get() to initialize
those fields before calling bd_claim().

Also fixed up some error return paths:

igrab() should never fail under these circumstances since the caller
already has a reference to that inode through the bdev at that time.

In the event of blkdev_get() failure or set_blocksize() failure, not
all the work to unwind from the error was done.

--- linux-2.6.0-test4-mm2_original/drivers/char/raw.c 2003-08-28 13:16:03.000000000 -0700
+++ linux-2.6.0-test4-mm2_raw/drivers/char/raw.c 2003-08-28 14:07:44.000000000 -0700
@@ -60,25 +60,25 @@
bdev = raw_devices[minor].binding;
err = -ENODEV;
if (bdev) {
- err = bd_claim(bdev, raw_open);
+ err = blkdev_get(bdev, filp->f_mode, 0, BDEV_RAW);
if (err)
goto out;
- err = -ENODEV;
- if (!igrab(bdev->bd_inode))
+ igrab(bdev->bd_inode);
+ err = bd_claim(bdev, raw_open);
+ if (err) {
+ blkdev_put(bdev, BDEV_RAW);
goto out;
- err = blkdev_get(bdev, filp->f_mode, 0, BDEV_RAW);
+ }
+ err = set_blocksize(bdev, bdev_hardsect_size(bdev));
if (err) {
bd_release(bdev);
+ blkdev_put(bdev, BDEV_RAW);
goto out;
- } else {
- err = set_blocksize(bdev, bdev_hardsect_size(bdev));
- if (err == 0) {
- filp->f_flags |= O_DIRECT;
- if (++raw_devices[minor].inuse == 1)
- filp->f_dentry->d_inode->i_mapping =
- bdev->bd_inode->i_mapping;
- }
}
+ filp->f_flags |= O_DIRECT;
+ if (++raw_devices[minor].inuse == 1)
+ filp->f_dentry->d_inode->i_mapping =
+ bdev->bd_inode->i_mapping;
}
filp->private_data = bdev;
out:
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "Re: non-exec stack"
Previous message: Mike Fedyk: "Re: non-exec stack"
Next in thread: Dave Olien: "Re: [PATCH] 2.6.0-test4-mm2 drivers/char.c ---> drivers/char/raw.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]