Re: isofs oops - d_splice_alias+0x1f (2.6.24-rc5-mm1)

From: Ingo Molnar
Date: Thu Jan 03 2008 - 09:11:40 EST



* Pekka J Enberg <penberg@xxxxxxxxxxxxxx> wrote:

> return ERR_PTR(-EACCES);
> }
> + if (is_bad_inode(inode)) {
> + unlock_kernel();
> + iput(inode);
> + return ERR_PTR(-ENOENT);
> + }
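
Review bot: the new is_bad_inode() branch returns ERR_PTR(-ENOENT), so the caller is told the name does not exist although an inode was obtained and then found to be bad. Consider an error that keeps the read failure visible, such as -EIO. The check also sits in this one caller only, so any other user of the same inode getter needs the same test or the check belongs in the getter itself.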

fs/isofs/rock.c:474 parse_rock_ridge_inode_internal() seems buggy too:

	reloc =
		isofs_iget(inode->i_sb,
			   ISOFS_I(inode)->i_first_extent,
			   0);
	if (!reloc)
		goto out;

it should probably do "!reloc || is_bad_inode(inode)" as well.

and there are about 5 other callsites as well that only check for a NULL
return.

perhaps the better fix would be to add this to inode.c:isofs_iget():

	if (inode && (inode->i_state & I_NEW)) {
		sb->s_op->read_inode(inode);
		unlock_new_inode(inode);
		if (is_bad_inode(inode))
			inode = NULL;
	}

?

Ingo
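
A userspace C model of the point made in the mail above, added here as an illustration and not code from the thread or the kernel: call sites that test only for NULL accept an inode that was marked bad, while a check inside the getter rejects it for every caller at once and drops the reference first, as the quoted hunk does with iput(). All `model_*` names, `caller_accepts` and the two-entry cache are assumptions constructed for the example.

```c
#include <stdio.h>

/* Userspace model; every name here is a hypothetical stand-in, not kernel code.
 * is_new models I_NEW, bad models what is_bad_inode() reports. */
struct model_inode { unsigned long ino; int refcount, is_new, bad; };
/* Constructed sample cache: inode 2 stands for a corrupt on-disk record. */
static struct model_inode cache[] = { { 1, 0, 1, 0 }, { 2, 0, 1, 0 } };
static void model_iput(struct model_inode *inode) { inode->refcount--; }

/* Behaviour the callers see today: non-NULL even when reading marked the inode bad. */
static struct model_inode *model_iget_unchecked(unsigned long ino)
{
	for (size_t i = 0; i < sizeof(cache) / sizeof(cache[0]); i++) {
		if (cache[i].ino != ino)
			continue;
		cache[i].refcount++;
		if (cache[i].is_new) {		/* models ->read_inode() */
			cache[i].bad = (ino == 2);
			cache[i].is_new = 0;
		}
		return &cache[i];
	}
	return NULL;
}

/* Centralised check: drop the reference and report the failure as NULL. */
static struct model_inode *model_iget_checked(unsigned long ino)
{
	struct model_inode *inode = model_iget_unchecked(ino);
	if (inode && inode->bad) {
		model_iput(inode);
		return NULL;
	}
	return inode;
}

/* Call site that tests only for NULL; returns 1 if it went on to use the inode. */
static int caller_accepts(struct model_inode *(*iget)(unsigned long), unsigned long ino)
{
	struct model_inode *inode = iget(ino);
	if (inode)
		model_iput(inode);
	return inode != NULL;
}

int main(void)
{
	printf("bad inode accepted: unchecked=%d checked=%d\n", caller_accepts(model_iget_unchecked, 2), caller_accepts(model_iget_checked, 2));
	return 0;
}
```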