[CHECKER] A dereference of null pointer error in JFS (jfs2.4, kernel2.4.19)

From: Junfeng Yang
Date: Tue Apr 27 2004 - 01:58:20 EST



file fs/jfs/jfs_tree.c
-----------------------------------------------------------
[BUG] get_metapage can return NULL when grab_cache_page or read_cache_page
fails in function __get_metapage (the freeit path returns NULL). In that case, the
caller dtSplitRoot stores the NULL in rmp and dereferences it unchecked at
`rp = rmp->data`.

jfs_tree.c
static int dtSplitRoot(tid_t tid,
struct inode *ip, struct dtsplit * split, struct metapage ** rmpp)
{
....
pxdlist = split->pxdlist;
pxd = &pxdlist->pxd[pxdlist->npxd];
pxdlist->npxd++;
rbn = addressPXD(pxd);
xlen = lengthPXD(pxd);
xsize = xlen << JFS_SBI(sb)->l2bsize;
rmp = get_metapage(ip, rbn, xsize, 1);
ERROR-->rp = rmp->data;
...
}


jfs_metapage.c
struct metapage *__get_metapage(struct inode *inode, unsigned long lblock,
unsigned int size, int absolute,
unsigned long new)
{
......
if (new) {
jfs_info("__get_metapage: Calling grab_cache_page");
FAIL---> mp->page = grab_cache_page(mapping, page_index);
if (!mp->page) {
jfs_err("grab_cache_page failed!");
goto freeit;
} else {
INCREMENT(mpStat.pagealloc);
UnlockPage(mp->page);
}
} else {
jfs_info("__get_metapage: Calling read_cache_page");
FAIL---> mp->page = read_cache_page(mapping, lblock,
(filler_t *)mapping->a_ops->readpage, NULL);
if (IS_ERR(mp->page)) {
jfs_err("read_cache_page failed!");
goto freeit;
} else
INCREMENT(mpStat.pagealloc);
}
mp->data = kmap(mp->page) + page_offset;
}
jfs_info("__get_metapage: returning = 0x%p", mp);
return mp;

freeit:
spin_lock(&meta_lock);
remove_from_hash(mp, hash_ptr);
__free_metapage(mp);
spin_unlock(&meta_lock);
return NULL;
}
