Re: smbfs Oops with Linux 2.6.3

From: Linus Torvalds
Date: Tue Mar 09 2004 - 21:49:32 EST

Next message: Nick Piggin: "Re: [RFC][PATCH 4/4] vm-mapped-x-active-lists"
Previous message: James Ketrenos: "Re: [Announce] Intel PRO/Wireless 2100 802.11b driver"
In reply to: Adam Sampson: "smbfs Oops with Linux 2.6.3"
Next in thread: Urban Widmark: "Re: smbfs Oops with Linux 2.6.3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 10 Mar 2004, Adam Sampson wrote:
>
> I use smbfs on my x86 Linux 2.6.3 machine to mount filesystems from a
> (Debian) Samba 3.0.0beta2 server. This has worked fine with both this
> kernel and previous ones for the last few months, but I've just had an
> Oops message while trying to open a directory with ROX-Filer. The
> filesystem in question is automounted (using autofs4), and this would
> have been the first operation upon it after being mounted.

Hmm.. Looks like an indirect call that jumped through a NULL pointer.

There's a few different indirect calls in "smb_readdir()", so it's a bit
hard to guess which one. It's at the end of the function, but gcc
re-orders code so much (and usually wrong, I have to say), that it's hard
to guess which one it would be.

Three out of four calls are to "readdir()", which is an argument to the
function and should not really reasonably be NULL unless there is a
compiler bug or some _major_ stack corruption going on. So I consider
those to be the less likely causes.

The last one is to "server->ops->readdir()", and it's entirely possible
that that might be NULL. That's reinforced by the data on the stack
which would be the arguments to that function:

c5107840 cf84bfa0 c0165560 cf84bf2c

which makes some amount of sense (arg 2 and 4 are both pointing to the
call-stack, which I think is correct for those arguments if it is that
"->readdir()" call). In contrast, the above would _not_ make sense as the
four first arguments to "filldir" (the third one should be a name length).

So I think you had a NULL pointer for "server->ops->readdir".

As to how something like that could happen, I have absolutely no clue. The
"smb_install_null_ops()" would seem to cause that, but that's all I can
say.

Maybe the "smp_ops_null" thing should be filled in with stuff that always
returns EINVAL or something? Rather than actual NULL pointers that will
oops if they are ever used?

(That structure is actually from Andrew's patch from Zwane Mwaikambo
as a workaround for smb_proc_getattr oops from last summer)

Urban? Andrew? Zwane? I can decode the oopses, but when it comes to smbfs
I'm a retard.

Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nick Piggin: "Re: [RFC][PATCH 4/4] vm-mapped-x-active-lists"
Previous message: James Ketrenos: "Re: [Announce] Intel PRO/Wireless 2100 802.11b driver"
In reply to: Adam Sampson: "smbfs Oops with Linux 2.6.3"
Next in thread: Urban Widmark: "Re: smbfs Oops with Linux 2.6.3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]