Re: BUG_ON(nd->inode != parent->d_inode);

From: Dave Jones
Date: Fri Mar 08 2013 - 21:56:54 EST

Next message: Dave Jones: "Re: BUG_ON(nd->inode != parent->d_inode);"
Previous message: Ric Mason: "Re: mmap vs fs cache"
In reply to: Dave Jones: "Re: BUG_ON(nd->inode != parent->d_inode);"
Next in thread: Dave Jones: "Re: BUG_ON(nd->inode != parent->d_inode);"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 08, 2013 at 09:26:23PM -0500, Dave Jones wrote:
> On Fri, Mar 08, 2013 at 06:08:52PM -0800, Linus Torvalds wrote:
> > On Fri, Mar 8, 2013 at 6:03 PM, Dave Jones <davej@xxxxxxxxxx> wrote:
> > >
> > > existing pathname + 'a' = fine.
> > >
> > > existing pathname + '/' + 'a' = boom.
> >
> > Good.
> >
> > > Looks like if I do this..
> > >
> > > if (isdigit(newpath[len]) != 0) {
> > > newpath[len] = '/';
> > > newpath[len+1] = 'A';
> > > newpath[len+2] = 0;
> > >
> > > no bug.
> >
> > Well, but that will never trigger. newpath[len] will always be NUL, so
> > you just disabled things entirely. Use "len-1".
> >
> > So I don't think that did what you meant it to do.
>
> Fixed that up, and even double checked my sanity by printing stuff out.
>
> Confirmed that it's something that doesn't end in a number.

I've got a hunch that it's /proc/$$/ns/uts.

After 3-4 runs, that's the only common file in the last few that got mangled.

I'll do some more tests, but this might be the one.

Dave

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dave Jones: "Re: BUG_ON(nd->inode != parent->d_inode);"
Previous message: Ric Mason: "Re: mmap vs fs cache"
In reply to: Dave Jones: "Re: BUG_ON(nd->inode != parent->d_inode);"
Next in thread: Dave Jones: "Re: BUG_ON(nd->inode != parent->d_inode);"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]