get_empty_filp

From: Lee Chin (leechin@mail.com)
Date: Mon Oct 02 2000 - 18:24:52 EST


Hello All,
I am seeing a bug in get_empty_filp (fs/file_table.c) where
files_stat.nr_free_files is out of sync with respect to the actual number of
elements in free_list.

More precisely, for some reason, free_list became empty (free_list.next and
free_list.prev pointed back to free_list) but files_stat.nr_free_files was
180. So the code list_entry(free_list.next...) returned a bad pointer (in
this case a pointer to free_list) and the memset in the get_empty_filp
overwrote the files_lock.

As far as I can see, one way this can happen is if in _fput, the list_del
and list_add routines took the *file off of the free_list and put it back on
the free_list, causing the statement files_stat.nr_free_files++ to be out of
sync.

My question is... can anyone call _fput where the *file parameter is already
on the free_list?

Thanks
Lee

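The desynchronisation Lee describes can be reproduced in user space with a small model of the data structure. The following is an added example, not code from the kernel or from the post: it implements a kernel-style circular list_head, a hypothetical model_fput() that unlinks a file and re-adds it to free_list while bumping files_stat.nr_free_files, and a hypothetical model_get_empty_filp() that trusts the counter the way the fast path does. Putting the same file on free_list twice leaves the counter one higher than the list, and the next allocation then drains the list while the counter still claims a free file, at which point list_entry(free_list.next, ...) resolves to free_list itself. free_list_skew() is the consistency check a debugging build could run under files_lock to catch the state before anything is dereferenced. All function and variable names here are the example's own except the kernel names quoted from the post.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal circular doubly-linked list in the style of the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };

#define list_entry(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }

static void list_add(struct list_head *new, struct list_head *head)
{
    struct list_head *next = head->next;
    next->prev = new;
    new->next = next;
    new->prev = head;
    head->next = new;
}

/* Unlink without poisoning: a node that is already on free_list is silently
 * taken off it and can be re-added by the caller. */
static void list_del(struct list_head *entry)
{
    entry->next->prev = entry->prev;
    entry->prev->next = entry->next;
}

struct file { struct list_head f_list; int f_count; };
struct files_stat_t { int nr_free_files; };

static struct list_head free_list;        /* constructed stand-in for fs/file_table.c's free_list */
static struct files_stat_t files_stat;    /* constructed stand-in for files_stat */

static void reset_state(void)
{
    INIT_LIST_HEAD(&free_list);
    files_stat.nr_free_files = 0;
}

/* Hypothetical model of the _fput tail the post describes: move the file onto
 * free_list and bump the counter, with no check that it is already there. */
static void model_fput(struct file *f)
{
    list_del(&f->f_list);
    list_add(&f->f_list, &free_list);
    files_stat.nr_free_files++;
}

/* Hypothetical model of get_empty_filp's fast path: it trusts the counter. */
static struct file *model_get_empty_filp(void)
{
    struct file *f;
    if (files_stat.nr_free_files <= 0)
        return NULL;
    f = list_entry(free_list.next, struct file, f_list);
    list_del(&f->f_list);
    files_stat.nr_free_files--;
    return f;
}

/* Actual length of free_list, for comparison with the counter. */
static int count_free_list(void)
{
    int n = 0;
    const struct list_head *p;
    for (p = free_list.next; p != &free_list; p = p->next)
        n++;
    return n;
}

/* Consistency check: how far the counter overstates the list. 0 means in sync. */
static int free_list_skew(void)
{
    return files_stat.nr_free_files - count_free_list();
}

/* Reproduce the post's scenario: the same file put on free_list twice. */
static int demo_double_put(void)
{
    static struct file f;    /* constructed file object */
    reset_state();
    INIT_LIST_HEAD(&f.f_list);
    model_fput(&f);          /* list: 1 element, counter: 1 */
    model_fput(&f);          /* list: still 1 element, counter: 2 */
    return free_list_skew(); /* 1 */
}

/* After the double put, one allocation empties the list while the counter
 * still says a free file exists. Returns 1 if the fast path would now hand
 * back a pointer to free_list itself, the bad pointer the post observed. */
static int demo_drain_yields_bad_pointer(void)
{
    demo_double_put();
    model_get_empty_filp();  /* list: 0 elements, counter: 1 */
    if (!(files_stat.nr_free_files > 0 && list_empty(&free_list)))
        return 0;
    return list_entry(free_list.next, struct file, f_list) == (struct file *)&free_list;
}

int main(void)
{
    printf("skew after double put: %d\n", demo_double_put());
    printf("drain yields pointer to free_list: %d\n", demo_drain_yields_bad_pointer());
    return 0;
}
```

The check in demo_drain_yields_bad_pointer() is the condition a defensive get_empty_filp would test before calling list_entry(): if the counter is positive but the list is empty, the bookkeeping is already corrupt and the safe response is to fall back to the slow allocation path and report the skew rather than memset whatever memory follows free_list.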




This archive was generated by hypermail 2b29 : Sat Oct 07 2000 - 21:00:11 EST