From: Ravikiran G Thirumalai on
One of our customers reported an oops when trying to remount a tmpfs mount
back with the 'default' mempolicy after changing it to a non-default policy.

Upon examination of the code, I found that the kernel remount code tries to
dereference the NULL mempolicy object returned by mpol_new() in
mpol_parse_str().

Attached is the oops snippet. Please find the proposed fix inline.

Thanks,
Kiran

---

Fix an 'oops' when a tmpfs mount point is remounted with the 'default'
mempolicy.

Upon remounting a tmpfs mount point with the 'mpol=default' option, the remount
code crashed with a null pointer dereference. The initial problem report was
on 2.6.27, but the problem exists in mainline 2.6.34-rc as well. On
examining the code, we see that mpol_new() returns NULL if the default
mempolicy was requested. This NULL mempolicy is accessed to store the node
mask, resulting in an oops.

The following patch fixes the oops by not dereferencing the new mempolicy
when it is NULL. The patch also sets 'err' to 0 if MPOL_DEFAULT is passed
(err is initialized to 1 at the start of mpol_parse_str()).


Signed-off-by: Ravikiran Thirumalai <kiran(a)scalex86.org>

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index bda230e..a86277d 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -2213,10 +2213,14 @@ int mpol_parse_str(char *str, struct mempolicy **mpol, int no_context)
goto out;
mode = MPOL_PREFERRED;
break;
-
+ case MPOL_DEFAULT:
+ /*
+ * mpol_new() enforces empty nodemask, ignores flags.
+ */
+ err = 0;
+ break;
/*
* case MPOL_BIND: mpol_new() enforces non-empty nodemask.
- * case MPOL_DEFAULT: mpol_new() enforces empty nodemask, ignores flags.
*/
}

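Review bot: the comment on the new `case MPOL_DEFAULT:` repeats the old one-liner ("mpol_new() enforces empty nodemask, ignores flags") but leaves out the fact the changelog itself relies on, that mpol_new() returns NULL for MPOL_DEFAULT; without it a reader cannot see why `err = 0` followed by a NULL result is the intended success path (the policy handed back through *mpol is NULL, i.e. "drop the existing policy"). Suggest spelling that out, e.g. `* mpol_new() returns NULL for MPOL_DEFAULT (drops any existing policy);` / `* it enforces an empty nodemask and ignores flags.` Also, since err is cleared here before the flags string and the mpol_new() result are examined, please confirm that every later failure path (an unrecognised flag, mpol_new() returning an error pointer for `mpol=default:<nodelist>`) sets err back to 1; otherwise a rejected option string would be reported as success with a NULL policy.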
@@ -2250,7 +2254,7 @@ int mpol_parse_str(char *str, struct mempolicy **mpol, int no_context)
if (ret) {
err = 1;
mpol_put(new);
- } else if (no_context) {
+ } else if (no_context && new) {
/* save for contextualization */
new->w.user_nodemask = nodes;
}