bug in quota code + patch

Tue, 29 Oct 1996 23:31:29 +0100

The quota code has the following bad bug, no doubt responsible
for the kernel crashes related to umount that people have been
lookup_vfsmnt() keeps a pointer mru_vfsmnt for performance
reasons. When remove_vfsmount() disallocates a vfsmount structure,
this pointer is not killed, so that later on lookup_vfsmnt()
may return a pointer to random memory. Chaos is the result.

I conjecture that the following patch will solve these problems.
(Do not use quota myself.)


--- /nb/linux/linux-2.0.23/linux/fs/super.c Fri Sep 20 22:54:46 1996
+++ super.c Tue Oct 29 23:16:17 1996
@@ -146,6 +146,8 @@
if (vfsmnttail->mnt_dev == dev)
vfsmnttail = lptr;
+ if (tofree == mru_vfsmnt)
+ mru_vfsmnt = NULL;
kfree_s(tofree, sizeof(struct vfsmount));
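
Review bot: resetting mru_vfsmnt to NULL just before kfree_s(tofree, ...) is only safe if lookup_vfsmnt() tests mru_vfsmnt for NULL before dereferencing it, and that test is not visible in this hunk, so please confirm it exists. A one-line comment above "if (tofree == mru_vfsmnt)" saying that the lookup cache must not outlive the structure being freed would keep later edits from dropping the check. The message also says the change was written without quota in use, so it should be exercised with a umount on a quota-enabled filesystem before merging.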
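
The stale-cache problem described in the message above, as an added userspace C model (not code from the original mail or from the kernel). lookup_vfsmnt, remove_vfsmount, mru_vfsmnt, tofree and mnt_dev follow the names used in the mail; vfsmntlist, mnt_next, add_vfsmnt and mru_is_cleared are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <stddef.h>

/* Constructed userspace model; list layout and helper names are assumptions. */
struct vfsmount { int mnt_dev; struct vfsmount *mnt_next; };

static struct vfsmount *vfsmntlist;   /* head of the mount list */
static struct vfsmount *mru_vfsmnt;   /* most-recently-used lookup cache */

static struct vfsmount *add_vfsmnt(int dev)
{
    struct vfsmount *m = malloc(sizeof(*m));
    if (!m)
        return NULL;
    m->mnt_dev = dev;
    m->mnt_next = vfsmntlist;
    vfsmntlist = m;
    return m;
}

static struct vfsmount *lookup_vfsmnt(int dev)
{
    struct vfsmount *m;
    /* Fast path trusts the cache, so the cache must never dangle. */
    if (mru_vfsmnt && mru_vfsmnt->mnt_dev == dev)
        return mru_vfsmnt;
    for (m = vfsmntlist; m; m = m->mnt_next)
        if (m->mnt_dev == dev) {
            mru_vfsmnt = m;           /* remember the hit */
            return m;
        }
    return NULL;
}

/* Returns 1 if an entry was removed, 0 if dev was not in the list. */
static int remove_vfsmount(int dev)
{
    struct vfsmount **pp, *tofree;
    for (pp = &vfsmntlist; *pp; pp = &(*pp)->mnt_next) {
        if ((*pp)->mnt_dev != dev)
            continue;
        tofree = *pp;
        *pp = tofree->mnt_next;       /* unlink from the list */
        if (tofree == mru_vfsmnt)     /* invalidate the cache before freeing */
            mru_vfsmnt = NULL;
        free(tofree);
        return 1;
    }
    return 0;
}

static int mru_is_cleared(void) { return mru_vfsmnt == NULL; }
```

Without the two lines that compare tofree with mru_vfsmnt, the fast path in lookup_vfsmnt would read mnt_dev from freed memory on the next call.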