devfs mknod bug

From: Eirik Fuller (eirik@hackrat.com)
Date: Thu Apr 13 2000 - 04:26:41 EST


If I mount a partition using its devfs name, and define a new name for
that partition using mknod, and unmount the partition, I get a null
pointer dereference in blkdev_put because the bdev passed in has a null
bd_op pointer. For example,

        mount -rt vfat /dev/ide/host0/bus0/target0/lun0/part1 /boot
        cp -ia /dev/ide/host0/bus0/target0/lun0/part1 /dev/hda1
        umount /boot

The null bd_op pointer comes from devfs_read_inode during the call to
get_vfs_inode in devfs_mknod; the devfs_inode processed during that
call comes from create_devfs_inode, which leaves its ops null. The
null pointer dereference does not occur with this patch:

--- linux/fs/devfs/base.c- Fri Apr 7 13:38:00 2000
+++ linux/fs/devfs/base.c Thu Apr 13 01:09:36 2000
@@ -2217,9 +2217,10 @@
         inode->i_rdev = MKDEV (di->de->u.fcb.u.device.major,
                                di->de->u.fcb.u.device.minor);
         inode->i_bdev = bdget (inode->i_rdev);
- if (inode->i_bdev) inode->i_bdev->bd_op = di->de->u.fcb.ops;
- else printk ("%s: read_inode(%d): no block device from bdget()\n",
- DEVFS_NAME, (int) inode->i_ino);
+ if (inode->i_bdev) {
+ if (di->de->u.fcb.ops) inode->i_bdev->bd_op = di->de->u.fcb.ops;
+ } else printk ("%s: read_inode(%d): no block device from bdget()\n",
+ DEVFS_NAME, (int) inode->i_ino);
         inode->i_fop = &devfs_fops;
     } else if ( S_ISFIFO (di->mode) ) {
         inode->i_fop = &def_fifo_fops;
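Review bot: the new `if (di->de->u.fcb.ops)` guard only avoids clobbering an already-valid bd_op; when the entry's ops pointer is NULL (the create_devfs_inode case described above) and the bdev returned by bdget() has not already had bd_op set through the canonical devfs entry, bd_op is left NULL and the dereference in blkdev_put still occurs. Either fill in u.fcb.ops for the mknod-created entry at its source (devfs_mknod/create_devfs_inode) or at least emit a diagnostic in the skipped branch, mirroring the existing `printk ("%s: read_inode(%d): no block device from bdget()\n", ...)`, so a NULL ops case is visible rather than silently ignored. Minor style point: the braced `if (inode->i_bdev) {` paired with an unbraced `} else printk (...)` reads oddly; brace both arms.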

I'd be happy to provide any additional information required to solve
this problem, or test different patches, if there's a better way to
fix this bug. The problem is easily repeatable in a kernel configured
to use devfs. I'm using 2.3.99-pre5.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Apr 15 2000 - 21:00:20 EST